Hi,

I noticed one more security issue like the Destination options header
attack. A packet is sent by using a destination header as a Multicast
Group address, and source address of the machine to be attacked. A
random Option type is added to the destination Options header, which
has the highest order two bits as 10 (send ICMP Reply to the source).

The above would cause ICMP packets to be sent to the source address
from all members of the multicast group to the source. This could very
easily overwhelm the source.

I think the use of the Option-Type with highest order two bits as 10
should be deprecated. Let me hear the views. I would also want to hear
the views reflected by Elwyn, Suresh and me regarding the Tiny
Fragments issues. We would want to add that to the standard too.

I have also posted a draft for checks to be added to the IPv6 header
Routing header, to minimize and raise the barrier of an amplification
attack.

Thanks,
Vishwas

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
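The condition described in the message above, written as a receive-side check (an added example, not part of the original post): it walks the leading Hop-by-Hop and Destination Options headers of a raw IPv6 packet and reports unrecognized option types whose two high-order bits are 10 when the destination is a multicast group, so such packets can be dropped silently or rate limited instead of answered with ICMP. The function names, the `KNOWN` set and the sample addresses and option values are assumptions made for the example.

```python
import ipaddress
import struct

KNOWN = {0x00, 0x01}           # assumption: receiver recognizes only Pad1 and PadN
HOP_BY_HOP, DEST_OPTS = 0, 60  # Next Header values of the two options headers

def risky_options(packet, known=KNOWN):
    """Unrecognized option types with high-order bits 10 in a packet whose
    destination is multicast. Returns [] when the packet is not of concern."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    if not ipaddress.IPv6Address(packet[24:40]).is_multicast:
        return []
    found, next_header, offset = [], packet[6], 40
    # Walk leading options headers only; stops at the first other header.
    while next_header in (HOP_BY_HOP, DEST_OPTS):
        if offset + 2 > len(packet):
            raise ValueError("truncated extension header")
        end = offset + (packet[offset + 1] + 1) * 8
        if end > len(packet):
            raise ValueError("extension header overruns packet")
        pos = offset + 2
        while pos < end:
            opt_type = packet[pos]
            if opt_type == 0x00:           # Pad1 has no length byte
                pos += 1
                continue
            if pos + 2 > end or pos + 2 + packet[pos + 1] > end:
                raise ValueError("option overruns header")
            if opt_type not in known and opt_type >> 6 == 0b10:
                found.append(opt_type)
            pos += 2 + packet[pos + 1]
        next_header, offset = packet[offset], end
    return found

def constructed_sample(dst, opt_type, src="2001:db8::1"):
    """Constructed test input (documentation addresses), never sent anywhere."""
    fixed = struct.pack("!IHBB", 6 << 28, 8, DEST_OPTS, 64)
    addrs = ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    # Destination Options: next=59 (No Next Header), len=0, one 4-byte option
    return fixed + addrs + bytes([59, 0, opt_type, 4, 0, 0, 0, 0])

if __name__ == "__main__":
    for dst, opt in [("ff02::1", 0x9E), ("ff02::1", 0xDE), ("2001:db8::2", 0x9E)]:
        print(dst, hex(opt), risky_options(constructed_sample(dst, opt)))
```

Only the multicast packet carrying the option with high-order bits 10 is reported; the 11 variant is not, because a receiver does not send the ICMP error for it when the destination is multicast.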
