A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : Defeating Attacks which employ Forged ICMP/ICMPv6 Error Messages
Authors : Fernando Gont
Ray Hunter
Jeroen Massar
Will(Shucheng) Liu
Filename : draft-gont-opsec-icmp-ingress-filtering-02.txt
Pages : 10
Date : 2016-03-21
Abstract:
Over the years, a number of attack vectors that employ forged ICMP/
ICMPv6 error messages have been disclosed and exploited in the wild.
The aforementioned attack vectors do not require that the source
address of the packets be forged, but do require that the addresses
of the IP/IPv6 packet embedded in the ICMP/ICMPv6 payload be forged.
This document discusses a simple, effective, and straightforward
method for using ingress traffic filtering to mitigate attacks that
use forged addresses in the IP/IPv6 packet embedded in an ICMP/ICMPv6
payload.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-gont-opsec-icmp-ingress-filtering/
There's also a htmlized version available at:
https://tools.ietf.org/html/draft-gont-opsec-icmp-ingress-filtering-02
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-gont-opsec-icmp-ingress-filtering-02
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
