[LACNIC/Seguridad] PowerDNS

Ronaldo Venci ronaldo.venci en open-xchange.com
Mar Feb 16 12:20:55 BRST 2016 

Estimados, this email is just to let you all know that PowerDNS is now part of
Open-Xchange. We are planning on several improvements and different services in
the near future. 

Let us know what your thoughts are about PowerDNS and whether there is anything
we can do to help if you are a current customer / User.

Thanks.

> 
>     On February 16, 2016 at 7:19 AM Fernando Gont <fgont en si6networks.com>
> wrote:
> 
> 
>     ("Tema" corregido)
> 
>     On 02/16/2016 06:53 AM, Fernando Gont wrote:
> 
>         > > 
> >         Estimados,
> > 
> >         FYI: <https://tools.ietf.org/html/draft-ietf-dhc-dhcpv6-privacy-02>
> > 
> >         ---- cut here ----
> > 
> >         4.3. Allocation strategies
> > 
> >         A DHCPv6 server running in typical, stateful mode is given a task of
> >         managing one or more pools of IPv6 resources (currently
> > non-temporary
> >         addresses, temporary addresses and/or prefixes, but more resource
> >         types may be defined in the future). When a client requests a
> >         resource, server must pick a resource out of configured pool.
> >         Depending on the server's implementation, various allocation
> >         strategies are possible. Choices in this regard may have privacy
> >         implications.
> > 
> >         Iterative allocation - a server may choose to allocate addresses one
> >         by one. That strategy has the benefit of being very fast, thus can
> >         be favored in deployments that prefer performance. However, it makes
> >         the resources very predictable. Also, since the resources allocated
> >         tend to be clustered at the beginning of available pool, it makes
> >         scanning attacks much easier.
> > 
> >         Identifier-based allocation - some server implementations use a
> > fixed
> >         identifier for a specific client, seemingly taken from the client's
> >         MAC address when available or some lower bits of client's source
> > IPv6
> >         address. This has a property of being convenient for converting IP
> >         address to/from other identifiers, especially if the identifier is
> > or
> >         contains MAC address. It is also convenient, as returning client is
> >         very likely to get the same address, even if the server does not
> >         retain previous client's address. Those properties are convenient
> >         for system administrators, so DHCPv6 server implementors are
> > 
> > 
> > 
> >         Krishnan, et al. Expires June 29, 2016 [Page 9]
> > 
> > 
> >         Internet-Draft DHCPv6 Privacy considerations December 2015
> > 
> > 
> >         sometimes requested to implement it. There is at least one
> >         implementation that supports it. The downside of such allocation is
> >         that the client now discloses its identifier in its IPv6 address to
> >         all services it connects to. That means that correlation of
> >         activities over time, location tracking, address scanning and OS/
> >         vendor discovery apply.
> > 
> >         ---- cut here ----
> > 
> >         P.S.: En fin:
> > 
> >        <https://tools.ietf.org/html/draft-gont-predictable-protocol-ids-00>...
> > 
> >     > 
> 
>     --
>     Fernando Gont
>     SI6 Networks
>     e-mail: fgont en si6networks.com
>     PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
> 
> 
> 
> 
>     _______________________________________________
>     Seguridad mailing list
>     Seguridad en lacnic.net
>     https://mail.lacnic.net/mailman/listinfo/seguridad
> 


Ronaldo Venci
VP of Sales – The Americas
Open-Xchange Inc.
Mobile: +1 (678) 237-5528
Office: +1 (408) 500-0768 x8821
Email: ronaldo.venci en open-xchange.com
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <https://mail.lacnic.net/pipermail/seguridad/attachments/20160216/fcc42bca/attachment.html>

Más información sobre la lista de distribución Seguridad