A new Internet-Draft is available from the on-line Internet-Drafts directories.
Title : Operational Neighbor Discovery Problem
Author(s) : J. Jaeggli, et al
Filename : draft-gashinsky-v6ops-v6nd-problems-00.txt
Pages : 12
Date : 2011-10-06
In IPv4, subnets are generally small, made just large enough to cover
the actual number of machines on the subnet. In contrast, the
default IPv6 subnet size is a /64, a number so large it covers
trillions of addresses, the overwhelming number of which will be
unassigned. Consequently, simplistic implementations of Neighbor
Discovery can be vulnerable to denial of service attacks whereby they
attempt to perform address resolution for large numbers of unassigned
addresses. Such denial of service attacks can be launched intentionally (by
an attacker), or result from legitimate operational tools that scan
networks for inventory and other purposes. As a result of these
vulnerabilities, new devices may not be able to "join" a network, it
may be impossible to establish new IPv6 flows, and existing IPv6
transported flows may be interrupted.
This document describes the problem in detail and suggests possible
implementation improvements as well as operational mitigation
techniques that can in some cases protect against such attacks.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-gashinsky-v6ops-v6nd-problems-00.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
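
The cache pressure described in the abstract above can be seen in a toy model. This is an added example, not code from the draft or its authors. The cache size, host count, sweep pattern and the "evict only INCOMPLETE entries" policy are assumptions chosen for illustration.

```python
from collections import OrderedDict
import ipaddress

INCOMPLETE, REACHABLE = "INCOMPLETE", "REACHABLE"

class NeighborCache:
    """Toy model of a router's neighbor cache for one /64 (not a real stack)."""

    def __init__(self, capacity, live_hosts, protect_reachable):
        self.capacity = capacity
        self.live = set(live_hosts)        # addresses that answer solicitations
        self.protect = protect_reachable   # assumed mitigation switch
        self.entries = OrderedDict()       # address -> state, oldest first
        self.evicted_live = 0              # resolved neighbors pushed out
        self.dropped = 0                   # packets dropped, no slot available

    def _make_room(self):
        if len(self.entries) < self.capacity:
            return True
        # Naive: evict the oldest entry. Protected: oldest INCOMPLETE only.
        victim = next((a for a, s in self.entries.items()
                       if not self.protect or s == INCOMPLETE), None)
        if victim is None:
            return False
        self.evicted_live += int(self.entries.pop(victim) == REACHABLE)
        return True

    def forward(self, dst):
        if dst in self.entries:
            self.entries.move_to_end(dst)  # traffic refreshes the entry
        elif self._make_room():
            # Assigned hosts resolve at once; unassigned ones never answer.
            self.entries[dst] = REACHABLE if dst in self.live else INCOMPLETE
        else:
            self.dropped += 1

def simulate(protect_reachable, capacity=64, sweep=1000):
    prefix = ipaddress.IPv6Network("2001:db8:0:1::/64")  # documentation prefix
    live = [prefix[i] for i in range(1, 9)]              # constructed: 8 hosts
    cache = NeighborCache(capacity, live, protect_reachable)
    for host in live:
        cache.forward(host)
    for i in range(sweep):
        cache.forward(prefix[0x10000 + i])   # packet to an unassigned address
        if i % 100 == 99:                    # periodic legitimate traffic
            for host in live:
                cache.forward(host)
    return cache
```

Comparing `simulate(False).evicted_live` with `simulate(True).evicted_live` shows how often resolved neighbors are pushed out of the cache under each eviction policy.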