At 01:58 p.m. 07/07/2005, Bob Hinden wrote:
A friend sent me this reference. I have not looked into this in detail, so
this may be a well-known problem:
http://kerneltrap.org/node/5382
There is a thread on /. about this today as well. I think most of this is
old news.
The attacks are not new, and that's acknowledged in the draft. However,
there were not counter-measures for them.
Have a look at the NISCC and CERT/CC vulnerability reports, and see the
number of implementations affected.
The new ICMPv6 update that is being worked on has a major revision to the
Security Considerations section that should cover these issues.
Yes. We discussed this some time ago, and Mukesh has already addressed
these issues in the ICMPv6 update.
If I remember correctly, the work in V6OPS that the article refers to was
fed into the new ICMPv6 draft.
I don't think so. However, the current ICMPv6 update defines the semantics
of ICMPv6 error messages, and thus allows anything that runs over IPv6 to
handle ICMP error messages in what they think is the best way. Thus
allowing the "TCP's reaction to soft errors" thing to be implemented
without violating the specs (as is the case with IPv4), for example.
The IPv6-related stuff will be updated in the next revision of my draft,
which should be ready in the next few days. If you consider it appropriate,
I can announce the draft on this list, too, so that we can discuss the
v6-specific stuff.
Kindest regards,
--
Fernando Gont
e-mail: [EMAIL PROTECTED] || [EMAIL PROTECTED]
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------