jeroen at unfix.org
Mon Feb 1 20:41:50 CET 2010
See below, send your replies to that list otherwise the author won't see
* well, I did bcc him just in case, as people tend to not heed that advice.
Gabi, this list @ http://lists.cluenet.de/mailman/listinfo/ipv6-ops btw
-------- Original Message --------
Date: Mon, 1 Feb 2010 11:25:03 -0800 (PST)
From: Gabi Nakibly <gnakibly at yahoo.com>
To: v6ops at ops.ietf.org
CC: Fred L Templin <Fred.L.Templin at boeing.com>
I would like to draw your attention to a new version of an I-D. It is
concerned with routing loop attacks on ISATAP and 6to4 that may
cause DoS. The I-D proposes some mitigation measures, which are the
result of discussions made on the list a few months ago. The draft is
co-authored with Fred Templin.
Your comments are welcome.
----- Forwarded Message ----
*From:* IETF I-D Submission Tool <idsubmission at ietf.org>
*To:* gnakibly at yahoo.com
*Sent:* Mon, February 1, 2010 9:07:38 PM
*Subject:* New Version Notification for draft-nakibly-v6ops-tunnel-loops-01
A new version of I-D, draft-nakibly-v6ops-tunnel-loops-01.txt has been
successfuly submitted by Gabi Nakibly and posted to the IETF repository.
Title: Routing Loops using ISATAP and 6to4: Problem Statement and
WG ID: Independent Submission
This document is concerned with security vulnerabilities in the
ISATAP and 6to4 tunnels. These vulnerabilities allow an attacker to
take advantage of inconsistencies between a tunnel's overlay IPv6
routing state and the native IPv6 routing state. The attacks form
routing loops which can be abused as a vehicle for traffic
amplification to facilitate DoS attacks. We describe these security
vulnerabilities and the attacks which exploit them. We further
recommend on solutions to remove the vulnerabilities.
The IETF Secretariat.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 196 bytes
Desc: OpenPGP digital signature
Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20100201/1df9944e/attachment.bin
More information about the ipv6-ops