A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IPv6 Maintenance Working Group of the IETF.
Title : A Recommendation for IPv6 Address Text Representation
Author(s) : S. Kawamura, M. Kawashima
Fred,
I initially very much liked your suggestion regarding the check of the neighbor
cache before forwarding a packet into the tunnel. It truly addresses the root
cause of the problem ans is simple enough to implement. However, I realized
that an attacker can send a spoofed RS to the ISATAP
Remi,
See my comments inline (gn).
Gabi
- Original Message
From: Rémi Després remi.desp...@free.fr
To: Gabi Nakibly gnaki...@yahoo.com
Cc: v6ops v6...@ops.ietf.org; 6man 6man ipv6@ietf.org; sec...@ietf.org;
Mark Townsley towns...@cisco.com
Sent: Thursday, August 20, 2009 11:34:49 AM
On Mon, Aug 24, 2009 at 1:19 PM, Thomas Narten nar...@us.ibm.com wrote:
The default value for hosts is the Neighbor Discovery
advertised hop limit [ND-Spec]. The default value for
routers is the default IPv6 Hop Limit value from the
Fernando Gont ferna...@gont.com.ar writes:
The intention of that wording was that the value to be used was the
same one as recommended for general use for IPv4, which IANA records.
What about nodes that are e.g. statically configured?
The intention of the Hop Limit, I think, is that
On Mon, Aug 24, 2009 at 2:41 PM, Thomas Nartennar...@us.ibm.com wrote:
What about nodes that are e.g. statically configured?
The intention of the Hop Limit, I think, is that implementations (not
operations) configure it by default to 64. The value rarely seems to
change, so an operator/user
Gabi,
-Original Message-
From: Gabi Nakibly [mailto:gnaki...@yahoo.com]
Sent: Monday, August 24, 2009 4:44 AM
To: Templin, Fred L; v6ops
Cc: ipv6@ietf.org; sec...@ietf.org
Subject: Re: Routing loop attacks using IPv6 tunnels
Fred,
I initially very much liked your suggestion
Slight correction:
if (dst == *::0200:5efe:my_ipv4_addr)
drop_pkt(); /* attack #3 mitigation */
should be:
if (dst == foreign_prefix::0200:5efe:my_ipv4_addr)
drop_pkt(); /* attack #3 mitigation */
Fred
fred.l.temp...@boeing.com
Hi,
2.2. Autoconfiguration for Global Scope
...
This usually means that the next hop of that default route will only
be useable with the source address learned from that default router.
Can you be more explicit that any global scope routing table MAY
contain a default route and that