draft-nakibly-v6ops-tunnel-loops-02.txt
- To: v6ops@ops.ietf.org
- Subject: draft-nakibly-v6ops-tunnel-loops-02.txt
- From: Gabi Nakibly <gnakibly@yahoo.com>
- Date: Wed, 12 May 2010 11:21:56 -0700 (PDT)
I would like to draw the attention of the list to a new version of the I-D titled "Routing Loop Attack using IPv6 Automatic Tunnels: Problem Statement and Proposed Mitigations".
To remind you, the routing loop attack may be used to DoS any automatic IPv6-in-IPv4 tunnels. This version discusses the attack as it applies to all automatic tunnels in general (the previous version focused only on ISATAP and 6to4). It also suggests some possible mitigation measures.
I would be happy to get your feedback on the attack, the suggested mitigation measures and the importance of the draft.
Abstract
This document is concerned with security vulnerabilities in IPv6-in-
IPv4 automatic tunnels. These vulnerabilities allow an attacker to
take advantage of inconsistencies between a tunnel's overlay IPv6
routing state and the native IPv6 routing state. The attack forms a
routing loop which can be abused as a vehicle for traffic
amplification to facilitate DoS attacks. The first aim of this
document is to inform on this attack and its root causes. The second
aim is to present some possible mitigation measures.
http://tools.ietf.org/html/draft-nakibly-v6ops-tunnel-loops-02
Gabi