Hi all,
I would like to draw your attention to a new version of an I-D. It is concerned with routing loop attacks on ISATAP and 6to4 that may cause DoS. The I-D proposes some mitigation measures, which are the result of discussions made on the list a few months ago. The draft is co-authored with Fred Templin.
Your comments are welcome.
Gabi
----- Forwarded Message ----
From: IETF I-D Submission Tool <idsubmission@ietf.org>
To: gnakibly@yahoo.com
Sent: Mon, February 1, 2010 9:07:38 PM
Subject: New Version Notification for draft-nakibly-v6ops-tunnel-loops-01
A new version of I-D, draft-nakibly-v6ops-tunnel-loops-01.txt has been successfuly submitted by Gabi Nakibly and posted to the IETF repository.
Filename: draft-nakibly-v6ops-tunnel-loops
Revision: 01
Title: Routing Loops using ISATAP and 6to4: Problem Statement and Proposed Solutions
Creation_date: 2010-02-01
WG
ID: Independent Submission
Number_of_pages: 13
Abstract:
This document is concerned with security vulnerabilities in the
ISATAP and 6to4 tunnels. These vulnerabilities allow an attacker to
take advantage of inconsistencies between a tunnel's overlay IPv6
routing state and the native IPv6 routing state. The attacks form
routing loops which can be abused as a vehicle for traffic
amplification to facilitate DoS attacks. We describe these security
vulnerabilities and the attacks which exploit them. We further
recommend on solutions to remove the vulnerabilities.
The
IETF Secretariat.