[LAC-TF] Fwd: New IETF I-D on IPv6 ND SLLA/TLLA options (forwarding loops)
Fernando Gont
fgont at si6networks.com
Fri Feb 14 13:06:15 BRST 2014
Dear all,
We have just published a new IETF I-D on Neighbor Discovery SLLA/TLLA
options. It is available at:
<http://www.ietf.org/internet-drafts/draft-gont-6man-lla-opt-validation-00.txt>
It is super simple to read. And at least one of the attacks is
"curious", in the sense that it is so dumb that I expected it not to work.
If you can send comments, they will be welcome. If you can do so in
English (ideally), send them to
"draft-gont-6man-lla-opt-validation at tools.ietf.org" (without the quotes),
CCing "ipv6 at ietf.org" (without the quotes).
If you do so in Spanish, send them to me, or to this list.
Regards, and thanks!
Fer
-------- Original Message --------
Date: Fri, 14 Feb 2014 11:59:35 -0300
From: Fernando Gont <fgont at si6networks.com>
To: IPv6 Hackers Mailing List <ipv6hackers at lists.si6networks.com>
Subject: New IETF I-D on IPv6 ND SLLA/TLLA options (forwarding loops)
References: <20140214145359.7925.43448.idtracker at ietfa.amsl.com>
Folks,
We have published a new IETF I-D on issues arising from "malicious"
Neighbor Discovery SLLA/TLLA options. The I-D is available at:
<http://www.ietf.org/internet-drafts/draft-gont-6man-lla-opt-validation-00.txt>
We'd welcome any comments. If you feel like sending feedback, please
send it to "draft-gont-6man-lla-opt-validation at tools.ietf.org" (without
the quotes), and make sure to CC "ipv6 at ietf.org" (without the quotes).
The aforementioned issues can, of course, be reproduced with THC-IPv6
and the IPv6 toolkit (http://www.si6networks.com/tools/ipv6toolkit).
Thanks!
Best regards,
Fernando
-------- Original Message --------
From: - Fri Feb 14 11:54:20 2014
From: internet-drafts at ietf.org
To: Shucheng LIU (Will) <liushucheng at huawei.com>, Will (Shucheng) Liu
<liushucheng at huawei.com>, Fernando Gont <fgont at si6networks.com>, Ron
Bonica <rbonica at juniper.net>, Fernando Gont <fgont at si6networks.com>,
Ronald P. Bonica <rbonica at juniper.net>
Subject: New Version Notification for
draft-gont-6man-lla-opt-validation-00.txt
X-Test-IDTracker: no
X-IETF-IDTracker: 5.0.0.p1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20140214145359.7925.43448.idtracker at ietfa.amsl.com>
Date: Fri, 14 Feb 2014 06:53:59 -0800
A new version of I-D, draft-gont-6man-lla-opt-validation-00.txt
has been successfully submitted by Fernando Gont and posted to the
IETF repository.
Name: draft-gont-6man-lla-opt-validation
Revision: 00
Title: Validation of Neighbor Discovery Source Link-Layer Address
(SLLA) and Target Link-layer Address (TLLA) options
Document date: 2014-02-14
Group: Individual Submission
Pages: 10
URL:
http://www.ietf.org/internet-drafts/draft-gont-6man-lla-opt-validation-00.txt
Status:
https://datatracker.ietf.org/doc/draft-gont-6man-lla-opt-validation/
Htmlized:
http://tools.ietf.org/html/draft-gont-6man-lla-opt-validation-00
Abstract:
This memo documents two scenarios in which an on-link attacker emits
a crafted IPv6 Neighbor Discovery (ND) packet that poisons its
victim's neighbor cache. In the first scenario, the attacker causes
a victim to map a local IPv6 address to a local router's own
link-layer address. In the second scenario, the attacker causes the
victim to map a unicast IP address to a link-layer broadcast address.
In both scenarios, the attacker can exploit the poisoned neighbor
cache to perform a subsequent forwarding-loop attack, thus
potentially causing a Denial of Service.
Finally, this memo specifies simple validations that the recipient of
an ND message can execute in order to protect itself against the
above-mentioned threats.
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
The IETF Secretariat
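The abstract above describes two neighbor-cache poisoning scenarios (a local address mapped to a router's link-layer address, and a unicast address mapped to a link-layer broadcast address) and says the recipient can validate SLLA/TLLA options to protect itself. The following is an added example written for this page, not code from the I-D, the IPv6 toolkit or THC-IPv6: it parses a raw ICMPv6 Neighbor Advertisement, walks its ND options, and applies two recipient-side checks derived from the two scenarios. The router MAC, router addresses, host MAC and packets are constructed values, and the "non-router address mapped to a router MAC" rule is an illustration of the idea rather than the draft's exact validation text.

```python
import ipaddress
import struct

# ICMPv6 Neighbor Advertisement type and ND option types (RFC 4861).
ND_NEIGHBOR_ADVERT = 136
OPT_SLLA = 1
OPT_TLLA = 2

# Constructed knowledge a host would hold after processing Router
# Advertisements (hypothetical values for this example).
ROUTER_MAC = bytes.fromhex("001122334455")
ROUTER_ADDRS = {ipaddress.IPv6Address("fe80::211:22ff:fe33:4455"),
                ipaddress.IPv6Address("2001:db8::1")}
HOST_MAC = bytes.fromhex("00aabbccddee")
BCAST_MAC = bytes.fromhex("ffffffffffff")


def build_na(target, lladdr, flags=0x20000000):
    """Build a raw ICMPv6 Neighbor Advertisement with one TLLA option.
    The checksum is left as zero because it covers the IPv6 pseudo-header,
    which is not modelled here. flags=0x20000000 sets only the Override bit."""
    tgt = ipaddress.IPv6Address(target).packed
    header = struct.pack("!BBHI", ND_NEIGHBOR_ADVERT, 0, 0, flags)
    # Option header: type, length in 8-octet units (1 for a 6-octet MAC).
    tlla = struct.pack("!BB", OPT_TLLA, 1) + lladdr
    return header + tgt + tlla


def parse_nd_options(data):
    """Walk the TLV list that follows an ND message's fixed part.
    Returns [(type, body), ...]; raises ValueError on malformed input,
    which RFC 4861 requires the receiver to silently discard."""
    opts, off = [], 0
    while off < len(data):
        if len(data) - off < 2:
            raise ValueError("truncated option header")
        typ, ln = data[off], data[off + 1]
        if ln == 0:
            raise ValueError("zero-length option")
        end = off + ln * 8
        if end > len(data):
            raise ValueError("option overruns message")
        opts.append((typ, data[off + 2:end]))
        off = end
    return opts


def parse_na(icmp):
    """Return (target address, list of TLLA link-layer addresses) for an NA."""
    if len(icmp) < 24 or icmp[0] != ND_NEIGHBOR_ADVERT:
        raise ValueError("not a Neighbor Advertisement")
    target = ipaddress.IPv6Address(icmp[8:24])
    tllas = [body[:6] for typ, body in parse_nd_options(icmp[24:])
             if typ == OPT_TLLA]
    return target, tllas


def is_group_lladdr(mac):
    """Ethernet broadcast and multicast addresses have the I/G bit set."""
    return bool(mac[0] & 0x01)


def validate_lla_option(target, mac, router_macs, router_addrs):
    """Decide whether the neighbor-cache entry target -> mac may be installed.
    Check 1 rejects a unicast target bound to a group link-layer address;
    check 2 rejects a non-router target bound to a known router's MAC."""
    if is_group_lladdr(mac):
        return False, "unicast address mapped to broadcast/multicast link-layer address"
    if mac in router_macs and target not in router_addrs:
        return False, "non-router address mapped to a local router's link-layer address"
    return True, "ok"


def check_na(icmp, router_macs=frozenset({ROUTER_MAC}), router_addrs=ROUTER_ADDRS):
    """Parse an NA and validate every TLLA option it carries."""
    try:
        target, tllas = parse_na(icmp)
    except ValueError as exc:
        return False, f"malformed: {exc}"
    for mac in tllas:
        ok, why = validate_lla_option(target, mac, router_macs, router_addrs)
        if not ok:
            return False, why
    return True, "ok"


if __name__ == "__main__":
    cases = {
        "legit host":   build_na("2001:db8::10", HOST_MAC),
        "legit router": build_na("2001:db8::1", ROUTER_MAC),
        "scenario 1":   build_na("2001:db8::10", ROUTER_MAC),
        "scenario 2":   build_na("2001:db8::10", BCAST_MAC),
    }
    for name, pkt in cases.items():
        print(f"{name:13s} -> {check_na(pkt)}")
```

The same checks apply unchanged to the SLLA option of a Neighbor Solicitation or Router Advertisement (only the offset of the fixed part differs), and a real implementation would also verify the ICMPv6 checksum and hop limit of 255 before looking at the options at all.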