[LACNIC/Seguridad] Fwd: RFC 7113 on Implementation Advice for IPv6 Router Advertisement Guard (RA-Guard)
Fernando Gont
fgont en si6networks.com
Vie Feb 14 01:54:05 BRST 2014
FYI: <http://www.rfc-editor.org/rfc/rfc7113.txt>
Los detalles de implementación son principalmente de interés para
vendors. Pero las técnicas de evasión son interesantes para todos (y
reproducibles con la herramienta ra6 de
<http://www.si6networks.com/tools/ipv6toolkit>)
(Las "técnicas" de evasión son, de algún modo, mas viejas que la
escarapela. La "recurrencia" humana, eterna.)
Saludos,
Fernando
-------- Original Message --------
Subject: [v6ops] RFC 7113 on Implementation Advice for IPv6 Router
Advertisement Guard (RA-Guard)
Date: Tue, 11 Feb 2014 13:55:26 -0800 (PST)
From: rfc-editor en rfc-editor.org
To: ietf-announce en ietf.org, rfc-dist en rfc-editor.org
CC: drafts-update-ref en iana.org, v6ops en ietf.org, rfc-editor en rfc-editor.org
A new Request for Comments is now available in online RFC libraries.
RFC 7113
Title: Implementation Advice for IPv6 Router
Advertisement Guard (RA-Guard)
Author: F. Gont
Status: Informational
Stream: IETF
Date: February 2014
Mailbox: fgont en si6networks.com
Pages: 13
Characters: 29272
Updates: RFC 6105
I-D Tag: draft-ietf-v6ops-ra-guard-implementation-07.txt
URL: http://www.rfc-editor.org/rfc/rfc7113.txt
The IPv6 Router Advertisement Guard (RA-Guard) mechanism is commonly
employed to mitigate attack vectors based on forged ICMPv6 Router
Advertisement messages. Many existing IPv6 deployments rely on
RA-Guard as the first line of defense against the aforementioned attack
vectors. However, some implementations of RA-Guard have been found
to be prone to circumvention by employing IPv6 Extension Headers.
This document describes the evasion techniques that affect the
aforementioned implementations and formally updates RFC 6105, such
that the aforementioned RA-Guard evasion vectors are eliminated.
This document is a product of the IPv6 Operations Working Group of the IETF.
INFORMATIONAL: This memo provides information for the Internet community.
It does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.
This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
http://www.ietf.org/mailman/listinfo/ietf-announce
http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist
For searching the RFC series, see
http://www.rfc-editor.org/search/rfc_search.php
For downloading RFCs, see http://www.rfc-editor.org/rfc.html
Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor en rfc-editor.org. Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.
The RFC Editor Team
Association Management Solutions, LLC
_______________________________________________
v6ops mailing list
v6ops en ietf.org
https://www.ietf.org/mailman/listinfo/v6ops
Más información sobre la lista de distribución Seguridad