IPv6 smurf amplifiers (draft-gont-6man-ipv6-smurf-amplifier-01.txt)

Fri, 11 Jan 2013 08:49:17 -0800 

Folks,

We have published a revision of our I-D entitled "Security Implications
of IPv6 options of Type 10xxxxxx", about IPv6 smurf amplifiers.

The I-D is available at:
<http://www.ietf.org/internet-drafts/draft-gont-6man-ipv6-smurf-amplifier-01.txt>.

Any comments will be very appreciated.

Thanks!

Best regards,
Fernando




-------- Original Message --------
From: - Fri Jan 11 13:40:47 2013
From: internet-dra...@ietf.org
To: fg...@si6networks.com
Cc: liushuch...@huawei.com
Subject: New Version Notification for
draft-gont-6man-ipv6-smurf-amplifier-01.txt
Message-ID: <20130111164012.4921.69654.idtrac...@ietfa.amsl.com>
Date: Fri, 11 Jan 2013 08:40:12 -0800


A new version of I-D, draft-gont-6man-ipv6-smurf-amplifier-01.txt
has been successfully submitted by Fernando Gont and posted to the
IETF repository.

Filename:        draft-gont-6man-ipv6-smurf-amplifier
Revision:        01
Title:           Security Implications of IPv6 options of Type 10xxxxxx
Creation date:   2013-01-11
WG ID:           Individual Submission
Number of pages: 9
URL:
http://www.ietf.org/internet-drafts/draft-gont-6man-ipv6-smurf-amplifier-01.txt
Status:
http://datatracker.ietf.org/doc/draft-gont-6man-ipv6-smurf-amplifier
Htmlized:
http://tools.ietf.org/html/draft-gont-6man-ipv6-smurf-amplifier-01
Diff:
http://www.ietf.org/rfcdiff?url2=draft-gont-6man-ipv6-smurf-amplifier-01

Abstract:
   When an IPv6 node processing an IPv6 packet does not support an IPv6
   option whose two-highest-order bits of the Option Type are '10', it
   is required to respond with an ICMPv6 Parameter Problem error
   message, even if the Destination Address of the packet was a
   multicast address.  This feature provides an amplification vector,
   opening the door to an IPv6 version of the 'Smurf' Denial-of-Service
   (DoS) attack found in IPv4 networks.  This document discusses the
   security implications of the aforementioned options, and formally
   updates RFC 2460 such that this attack vector is eliminated.
   Additionally, it describes a number of operational mitigations that
   could be deployed against this attack vector.





The IETF Secretariat




--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

Reply via email to