Re: [secdir] secdir review of draft-ietf-hip-mm-04.txt

2007-01-31 Thread Christian Vogt
Ah, very good!  Thanks for the pointer, Sam.

- Christian

-- 
Christian Vogt, Institute of Telematics, Universitaet Karlsruhe (TH)
www.tm.uka.de/~chvogt/pubkey/



Sam Hartman wrote:
>>>>>> "Christian" == Christian Vogt [EMAIL PROTECTED] writes:
>     Christian> unamplified flooding would also be possible for the
>     Christian> attacker without HIP because the attacker could send
>     Christian> flooding packets with an IPv6 Routing header, directing
>     Christian> the packets to the correspondent node first, and from
>     Christian> there to the victim.  To prevent this attack, the
>     Christian> firewall would have to look into the flooding packets'
>     Christian> extension headers since the IPv6 header would
>     Christian> (legitimately) include the correspondent node's IP
>     Christian> address.
>
> Take a look at the v6ops IPv6 security overview document.  It
> recommends dropping most routing headers to avoid this sort of attack.
 

___
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf


Re: [secdir] secdir review of draft-ietf-hip-mm-04.txt

2007-01-30 Thread Sam Hartman
>>>>> "Christian" == Christian Vogt [EMAIL PROTECTED] writes:
    Christian> unamplified flooding would also be possible for the
    Christian> attacker without HIP because the attacker could send
    Christian> flooding packets with an IPv6 Routing header, directing
    Christian> the packets to the correspondent node first, and from
    Christian> there to the victim.  To prevent this attack, the
    Christian> firewall would have to look into the flooding packets'
    Christian> extension headers since the IPv6 header would
    Christian> (legitimately) include the correspondent node's IP
    Christian> address.

Take a look at the v6ops IPv6 security overview document.  It
recommends dropping most routing headers to avoid this sort of attack.
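
Added example, not part of the thread or of the v6ops document: a sketch of the check discussed above, in which a filter walks the IPv6 extension-header chain rather than trusting the destination address in the fixed header. The function names, the `allowed_types` policy parameter and the sample packets are assumptions constructed for illustration.

```python
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS, NO_NEXT = 0, 43, 44, 60, 59

def find_routing_header(packet: bytes):
    """Walk the extension-header chain; return (routing_type, segments_left) or None."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_header, offset = packet[6], 40
    while next_header in (HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS):
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        if next_header == ROUTING:
            return packet[offset + 2], packet[offset + 3]
        if next_header == FRAGMENT:
            # Only the first fragment carries the rest of the header chain.
            if struct.unpack_from("!H", packet, offset + 2)[0] >> 3:
                return None
            length = 8
        else:
            length = (packet[offset + 1] + 1) * 8  # Hdr Ext Len is in 8-octet units
        next_header, offset = packet[offset], offset + length
    return None  # reached an upper-layer (or untraversed, e.g. AH/ESP) header

def should_drop(packet: bytes, allowed_types=frozenset()) -> bool:
    """Assumed policy: drop any Routing header whose type is not explicitly allowed."""
    try:
        found = find_routing_header(packet)
    except ValueError:
        return True  # malformed chain: fail closed
    return found is not None and found[0] not in allowed_types

def sample_packet(chain):
    """Constructed input: chain is a list of (header_type, body) pairs."""
    types = [t for t, _ in chain] + [NO_NEXT]
    payload = b"".join(bytes([types[i + 1], (len(body) + 2) // 8 - 1]) + body
                       for i, (_, body) in enumerate(chain))
    fixed = struct.pack("!IHBB", 0x60000000, len(payload), types[0], 64)
    return fixed + bytes(32) + payload  # zeroed source and destination addresses

PADN = bytes([1, 4, 0, 0, 0, 0])  # PadN option filling a Destination Options header
RH0_ONE_HOP = bytes([0, 1, 0, 0, 0, 0]) + bytes(16)  # type 0, one segment left
```

The second sample in the test places the Routing header behind a Destination Options header, the case a filter that inspects only the fixed header's Next Header field would miss.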

