draft-ietf-ipv6-deprecate-rh0-01-candidate-00

2007-05-28 Thread Joe Abley
On 24-May-2007, at 17:07, Joe Abley wrote: I've identified the following areas in which 00 might be modified, based on traffic in this list and a small handful of private mail. Please comment on the following, and point out any other outstanding issues that I missed. I have made some edi

Re: Destination options attack

2007-05-28 Thread Vishwas Manral
Hi Markku, The following is a quote RFC2460. The Option Type identifiers are internally encoded such that their highest-order two bits specify the action that must be taken if the processing IPv6 node does not recognize the Option Type: O O O 10 - discard the packet and, re

Re: Destination options attack

2007-05-28 Thread Pekka Savola
On Mon, 28 May 2007, Vishwas Manral wrote: I am not sure if RPF can catch it all. Its not the same as bombarding the source itself. With the attack I mention, we can actually send one packet (which goes to all members of the multicast group). This will cause all the members of the multicast grou

RE: Destination options attack

2007-05-28 Thread Suresh Krishnan \(QB/EMC\)
Hi Vishwas, The multicast RPF algorithm allows a multicast router to accept a multicast datagram only on the interface where it would send a unicast datagram to the source of that datagram. The first multicast router receiving this specific spoofed source datagram will notice that the packe

Re: Destination options attack

2007-05-28 Thread Vishwas Manral
Hi Pekka, I am not sure if RPF can catch it all. Its not the same as bombarding the source itself. With the attack I mention, we can actually send one packet (which goes to all members of the multicast group). This will cause all the members of the multicast group to send a reply to one source.

Re: Destination options attack

2007-05-28 Thread Pekka Savola
On Mon, 28 May 2007, Vishwas Manral wrote: I noticed one more security issue like the Destination options header attack. A packet is sent by using a destination header as a Multicast Group address, and source address of the machine to be attacked. A random Option type is added to the destination

Protocol Action: 'IP Version 6 over PPP' to Draft Standard

2007-05-28 Thread The IESG
The IESG has approved the following document: - 'IP Version 6 over PPP ' as a Draft Standard This document is the product of the IP Version 6 Working Group Working Group. The IESG contact persons are Jari Arkko and Mark Townsley. A URL of this Internet-Draft is: http://www.ietf.org/intern

Destination options attack

2007-05-28 Thread Vishwas Manral
Hi, I noticed one more security issue like the Destination options header attack. A packet is sent by using a destination header as a Multicast Group address, and source address of the machine to be attacked. A random Option type is added to the destination Options header, which has the highest o