[LAC-TF] Resvisión del I-D sobre RA-Guard (Fwd: New Version Notification for draft-ietf-v6ops-ra-guard-implementation-01.txt)
Fernando Gont
fgont at si6networks.com
Sat Mar 3 19:26:51 BRT 2012
Estimados,
Acabo de publicar una revisión del IETF I-D en cuestión.
La misma esta disponible en:
<http://tools.ietf.org/id/draft-ietf-v6ops-ra-guard-implementation-01.txt>
Pueden encontrar un diff con la version anterior, en:
<http://tools.ietf.org//rfcdiff?url1=http://tools.ietf.org/id/draft-ietf-v6ops-ra-guard-implementation-00.txt&url2=http://tools.ietf.org/id/draft-ietf-v6ops-ra-guard-implementation-01.txt>
Cualquier comentario, será bienvenido,
Saludos, y gracias!
Fernando
-------- Original Message --------
Subject: New Version Notification for
draft-ietf-v6ops-ra-guard-implementation-01.txt
Date: Sat, 03 Mar 2012 12:15:03 -0800
From: internet-drafts at ietf.org
To: fgont at si6networks.com
A new version of I-D, draft-ietf-v6ops-ra-guard-implementation-01.txt
has been successfully submitted by Fernando Gont and posted to the IETF
repository.
Filename: draft-ietf-v6ops-ra-guard-implementation
Revision: 01
Title: Implementation Advice for IPv6 Router Advertisement Guard
(RA-Guard)
Creation date: 2012-03-03
WG ID: v6ops
Number of pages: 18
Abstract:
The IPv6 Router Advertisement Guard (RA-Guard) mechanism is commonly
employed to mitigate attack vectors based on forged ICMPv6 Router
Advertisement messages. Many existing IPv6 deployments rely on RA-
Guard as the first line of defense against the aforementioned attack
vectors. However, some implementations of RA-Guard have been found
to be prone to circumvention by employing IPv6 Extension Headers.
This document describes the evasion techniques that affect the
aforementioned implementations, and provides advice on the
implementation of RA-Guard, such that the RA-Guard evasion vectors
are eliminated.
The IETF Secretariat
More information about the LACTF
mailing list