Hi, Ole,

On 01/14/2013 05:10 AM, Ole Troan wrote:
>> We have published a revision of our I-D entitled "Security Implications
>> of IPv6 options of Type 10xxxxxx", about IPv6 smurf amplifiers.
>>
>> The I-D is available at:
>> <http://www.ietf.org/internet-drafts/draft-gont-6man-ipv6-smurf-amplifier-01.txt>.
>>
>> Any comments will be very appreciated.
> 
> isn't this attack covered already in RFC4443, section 5.2 bullet 5?

No. The following text in Section 4.2 of RFC 2460 overrides what's in
RFC 4443:

      10 - discard the packet and, regardless of whether or not the
           packet's Destination Address was a multicast address, send an
           ICMP Parameter Problem, Code 2, message to the packet's
           Source Address, pointing to the unrecognized Option Type.

That's why RFC 2460 needs to be updated.

FWIW, all implementations I've tested so far behave as specified in RFC
2460, and hence can be leveraged as smurf amplifiers.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fg...@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492




--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
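
The check below is an added example, not part of the original message or of the I-D. It walks the options area of a Hop-by-Hop or Destination Options header and reports unrecognized options whose two high-order type bits are 10 in a packet addressed to multicast, the case where the RFC 2460 text quoted above makes every receiver answer with an ICMP Parameter Problem. The function names and the `RECOGNIZED` set are assumptions of the example, and the sample bytes in the comments are constructed.

```python
import ipaddress

# Option types this hypothetical receiver understands: Pad1 (0x00), PadN (0x01).
RECOGNIZED = {0x00, 0x01}

# RFC 2460, Section 4.2: the two high-order bits of the Option Type select
# what a node does with an option it does not recognize.
ACTIONS = {
    0b00: "skip option",
    0b01: "discard packet",
    0b10: "discard, send ICMP even if destination is multicast",
    0b11: "discard, send ICMP only if destination is not multicast",
}

def walk_options(opt_data: bytes):
    """Yield (offset, type, data) for each TLV in the options area, i.e. the
    bytes that follow the Next Header and Hdr Ext Len fields."""
    i = 0
    while i < len(opt_data):
        opt_type = opt_data[i]
        if opt_type == 0x00:              # Pad1 is a single byte, no length field
            yield i, opt_type, b""
            i += 1
            continue
        if i + 1 >= len(opt_data):
            raise ValueError(f"truncated option at offset {i}")
        length = opt_data[i + 1]
        if i + 2 + length > len(opt_data):
            raise ValueError(f"option at offset {i} overruns the header")
        yield i, opt_type, opt_data[i + 2:i + 2 + length]
        i += 2 + length

def multicast_icmp_triggers(dst: str, opt_data: bytes):
    """Return [(offset, type)] for unrecognized 10xxxxxx options in a packet
    whose destination is multicast; an empty list means no trigger found."""
    if not ipaddress.IPv6Address(dst).is_multicast:
        return []
    return [(off, t) for off, t, _ in walk_options(opt_data)
            if t not in RECOGNIZED and (t >> 6) == 0b10]

if __name__ == "__main__":
    # Constructed sample: one option of type 0x80 (10 000000) with 4 data bytes.
    sample = bytes([0x80, 0x04, 0, 0, 0, 0])
    for off, t in multicast_icmp_triggers("ff02::1", sample):
        print(f"offset {off}: type 0x{t:02x} -> {ACTIONS[t >> 6]}")
```

A filter or IDS rule built on this logic would drop or log the packet at the multicast boundary instead of letting each receiver reply.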
