[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Exim and IPv6 Help

To: Henning Brauer <lists-openbsdtech@bsws.de>
Subject: Re: Exim and IPv6 Help
From: itojun@iijlab.net
Date: Thu, 12 Jul 2001 21:17:13 +0900
Cc: ipv6@openbsd.org, OpenBSD tech <tech@openbsd.org>

>So we are again in the area of IPv4-mapped addresses not supported under
>OpenBSD. NetBSD has a sysctl switch to enable this if I remember your
>previous mail right. What's wrong with this approach?

	- kernel code gets more complex and we cannot audit kernel code.
	- applications can still be tricked to do bad things. (think of FTP
	  bounce attacks on active mode FTP, with more complexity with IPv4
	  mapped address).  for more complete attack scenarios see my recent
	  posting to bugtraq.

	actually, I don't really like the switch we have in NetBSD.  it has
	certain brokenness in places like in6_pcbbind(), as well as possibility
	to get abused.

itojun

Follow-Ups:
- Re: Exim and IPv6 Help
  - From: Henning Brauer <lists-openbsdtech@bsws.de>

References:
- Re: Exim and IPv6 Help
  - From: Henning Brauer <lists-openbsdtech@bsws.de>

Prev by Date: Re: Exim and IPv6 Help
Next by Date: Re: Exim and IPv6 Help
Prev by thread: Re: Exim and IPv6 Help
Next by thread: Re: Exim and IPv6 Help
Index(es):
- Date
- Thread