Fwd: draft-nakibly-v6ops-tunnel-loops-01

Jeroen Massar jeroen at unfix.org
Mon Feb 1 20:41:50 CET 2010


See below, send your replies to that list otherwise the author won't see
them(*)...

Greets,
 Jeroen

* well, I did bcc him just in case, as people tend to not heed that advice.

Gabi, this list @ http://lists.cluenet.de/mailman/listinfo/ipv6-ops btw

-------- Original Message --------
Subject: 	draft-nakibly-v6ops-tunnel-loops-01
Date: 	Mon, 1 Feb 2010 11:25:03 -0800 (PST)
From: 	Gabi Nakibly <gnakibly at yahoo.com>
To: 	v6ops at ops.ietf.org
CC: 	Fred L Templin <Fred.L.Templin at boeing.com>



Hi all,
I would like to draw your attention to a new version of an I-D. It is
concerned with routing loop attacks on ISATAP and 6to4 that may
cause DoS. The I-D proposes some mitigation measures, which are the
result of discussions made on the list a few months ago. The draft is
co-authored with Fred Templin.

Your comments are welcome.

Gabi

http://www.ietf.org/id/draft-nakibly-v6ops-tunnel-loops-01.txt

----- Forwarded Message ----
*From:* IETF I-D Submission Tool <idsubmission at ietf.org>
*To:* gnakibly at yahoo.com
*Sent:* Mon, February 1, 2010 9:07:38 PM
*Subject:* New Version Notification for draft-nakibly-v6ops-tunnel-loops-01


A new version of I-D, draft-nakibly-v6ops-tunnel-loops-01.txt has been
successfuly submitted by Gabi Nakibly and posted to the IETF repository.

Filename:    draft-nakibly-v6ops-tunnel-loops
Revision:    01
Title:        Routing Loops using ISATAP and 6to4: Problem Statement and
Proposed Solutions
Creation_date:    2010-02-01
WG ID:        Independent Submission
Number_of_pages: 13

Abstract:
This document is concerned with security vulnerabilities in the
ISATAP and 6to4 tunnels.  These vulnerabilities allow an attacker to
take advantage of inconsistencies between a tunnel's overlay IPv6
routing state and the native IPv6 routing state.  The attacks form
routing loops which can be abused as a vehicle for traffic
amplification to facilitate DoS attacks.  We describe these security
vulnerabilities and the attacks which exploit them.  We further
recommend on solutions to remove the vulnerabilities.




The IETF Secretariat.




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: OpenPGP digital signature
Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20100201/1df9944e/attachment.bin 


More information about the ipv6-ops mailing list