[LAC-TF] Fwd: IPv6 smurf amplifiers (draft-gont-6man-ipv6-smurf-amplifier-01.txt)
Fernando Gont
fgont at si6networks.com
Fri Jan 11 15:52:12 BRST 2013
FYI.
Revisión de nuestro I-D sobre ataques smurf en IPv6.
-------- Original Message --------
Message-ID: <50F04265.2040302 at si6networks.com>
Date: Fri, 11 Jan 2013 13:48:37 -0300
From: Fernando Gont <fgont at si6networks.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/17.0
Thunderbird/17.0
MIME-Version: 1.0
To: ipv6 at ietf.org <ipv6 at ietf.org>
CC: Will Liu (Shucheng) <liushucheng at huawei.com>
Subject: IPv6 smurf amplifiers (draft-gont-6man-ipv6-smurf-amplifier-01.txt)
Folks,
We have published a revision of our I-D entitled "Security Implications
of IPv6 options of Type 10xxxxxx", about IPv6 smurf amplifiers.
The I-D is available at:
<http://www.ietf.org/internet-drafts/draft-gont-6man-ipv6-smurf-amplifier-01.txt>.
Any comments will be very appreciated.
Thanks!
Best regards,
Fernando
-------- Original Message --------
From: - Fri Jan 11 13:40:47 2013
From: internet-drafts at ietf.org
To: fgont at si6networks.com
Cc: liushucheng at huawei.com
Subject: New Version Notification for
draft-gont-6man-ipv6-smurf-amplifier-01.txt
Message-ID: <20130111164012.4921.69654.idtracker at ietfa.amsl.com>
Date: Fri, 11 Jan 2013 08:40:12 -0800
A new version of I-D, draft-gont-6man-ipv6-smurf-amplifier-01.txt
has been successfully submitted by Fernando Gont and posted to the
IETF repository.
Filename: draft-gont-6man-ipv6-smurf-amplifier
Revision: 01
Title: Security Implications of IPv6 options of Type 10xxxxxx
Creation date: 2013-01-11
WG ID: Individual Submission
Number of pages: 9
URL:
http://www.ietf.org/internet-drafts/draft-gont-6man-ipv6-smurf-amplifier-01.txt
Status:
http://datatracker.ietf.org/doc/draft-gont-6man-ipv6-smurf-amplifier
Htmlized:
http://tools.ietf.org/html/draft-gont-6man-ipv6-smurf-amplifier-01
Diff:
http://www.ietf.org/rfcdiff?url2=draft-gont-6man-ipv6-smurf-amplifier-01
Abstract:
When an IPv6 node processing an IPv6 packet does not support an IPv6
option whose two-highest-order bits of the Option Type are '10', it
is required to respond with an ICMPv6 Parameter Problem error
message, even if the Destination Address of the packet was a
multicast address. This feature provides an amplification vector,
opening the door to an IPv6 version of the 'Smurf' Denial-of-Service
(DoS) attack found in IPv4 networks. This document discusses the
security implications of the aforementioned options, and formally
updates RFC 2460 such that this attack vector is eliminated.
Additionally, it describes a number of operational mitigations that
could be deployed against this attack vector.
The IETF Secretariat
More information about the LACTF
mailing list