RE: Routing loop attacks using IPv6 tunnels

Gabi and Christian, Focusing only on attack #3 (i.e., leaving out attack #1 and #2 6to4 interactions for the moment), please check the following summary of proposed mitigations: 1) For ISATAP/VET routers that have assurance that their neighbor cache is coherent, the router can make a simple check

Re: Routing loop attacks using IPv6 tunnels

Hi Christian, Thanks for your comments. The checks you suggested are powerful and will indeed mitigate the attacks. The only thing that worries me is the fact that usually AFAIK the ISATAP router is not configured with the IPv4 subnet addresses of the site. This means that the router must now

Re: Node requirements: draft-ietf-6man-node-req-bis-03.txt

picking up an old thread. [...] >  - DHCP and stateless autoconf. This document is probably not the >   right place to discuss the M&O bits, but IMO this document should >   say more about DHCP vs. stateless and the issues surrounding when >   to implement one or the other. Not to mandate them. A

Re: Routing loop attacks using IPv6 tunnels

Fred, - Original Message > From: "Templin, Fred L" > To: Gabi Nakibly ; v6ops > Cc: ipv6@ietf.org; sec...@ietf.org > Sent: Friday, September 4, 2009 10:00:53 PM > Subject: RE: Routing loop attacks using IPv6 tunnels > > Gabi, > > I'd like to make one other observation about these ch

Re: Routing loop attacks using IPv6 tunnels

Fred, Se below. Gabi - Original Message > From: "Templin, Fred L" > To: Gabi Nakibly ; v6ops > Cc: ipv6@ietf.org; sec...@ietf.org > Sent: Thursday, September 3, 2009 5:59:36 PM > Subject: RE: Routing loop attacks using IPv6 tunnels > > Gabi, > > > -Original Message- > > From: