Folks,

We have published a new IETF I-D on "IPv6 smurf amplifiers". The I-D is available at: <http://tools.ietf.org/id/draft-gont-6man-ipv6-smurf-amplifier-00.txt>.

This may be an issue when BCP38 is not deployed, or when the BCP38 implementation is buggy (yes, there have been instances of this).

Note: This vector can also be exploited with normal link-local multicast addresses, but for obvious reasons it becomes a more important issue with non-local multicast.

Abstract:
---- cut here ----
When an IPv6 node processing an IPv6 packet does not support an IPv6 option whose two-highest-order bits of the Option Type are '10', it is required to respond with an ICMPv6 Parameter Problem error message, even if the Destination Address of the packet was a multicast address. This feature provides an amplification vector, opening the door to an IPv6 version of the 'Smurf' Denial-of-Service (DoS) attack found in IPv4 networks. This document discusses the security implications of the aforementioned options, and formally updates RFC 2460 such that this attack vector is eliminated. Additionally, it describes a number of operational mitigations that could be deployed against this attack vector.
---- cut here ----

Any feedback will be welcome.

Thanks!

Best regards,
--
Fernando Gont
SI6 Networks
e-mail: fg...@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
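
Added example (not part of the original message or of the I-D): a detection-side Python check for the condition the abstract describes, reporting options whose two high-order Option Type bits are '10' in packets addressed to a multicast destination. The function name `amplifying_options` and the `SAMPLE` packet are constructed for illustration, and the check assumes the options headers directly follow the fixed IPv6 header.

```python
import ipaddress

HOP_BY_HOP, DEST_OPTS = 0, 60   # Next Header values whose bodies are TLV options
PAD1 = 0                        # the only option without a length octet

# Constructed sample (not a capture): 2001:db8::1 -> ff0e::1, Destination
# Options header holding one option of type 0x9e (high-order bits '10').
SAMPLE = bytes.fromhex(
    "60000000" "0008" "3c" "40"            # version, payload len 8, NH 60, hop limit 64
    "20010db8000000000000000000000001"     # source address
    "ff0e0000000000000000000000000001"     # destination address (multicast)
    "3b00" "9e04" "00000000"               # NH 59, ext len 0; option 0x9e, 4 data octets
)

def amplifying_options(packet: bytes):
    """Return [(header, option_type)] for options with high-order bits '10'
    in a packet addressed to multicast; [] for non-multicast destinations."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    if not ipaddress.IPv6Address(packet[24:40]).is_multicast:
        return []
    findings, header, offset = [], packet[6], 40
    # Assumption: only options headers directly after the fixed header are walked.
    while header in (HOP_BY_HOP, DEST_OPTS):
        if offset + 2 > len(packet):
            raise ValueError("truncated extension header")
        end = offset + (packet[offset + 1] + 1) * 8   # length is in 8-octet units
        if end > len(packet):
            raise ValueError("truncated extension header")
        pos = offset + 2
        while pos < end:
            opt_type = packet[pos]
            if opt_type == PAD1:
                pos += 1
                continue
            if pos + 2 > end or pos + 2 + packet[pos + 1] > end:
                raise ValueError("malformed option")
            if opt_type >> 6 == 0b10:   # unsupported => ICMPv6 error even for multicast
                findings.append((header, opt_type))
            pos += 2 + packet[pos + 1]
        header, offset = packet[offset], end
    return findings

if __name__ == "__main__":
    for hdr, opt in amplifying_options(SAMPLE):
        print(f"extension header {hdr}: option 0x{opt:02x} has action bits '10'")
```

A filter or IDS rule built on this result can drop or alert on such packets at the network edge, independently of whether receivers recognise the option.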