RFC 6583 on Operational Neighbor Discovery Problems

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

A new Request for Comments is now available in online RFC libraries.

        
        RFC 6583

        Title:      Operational Neighbor Discovery Problems 
        Author:     I. Gashinsky, J. Jaeggli,
                    W. Kumari
        Status:     Informational
        Stream:     IETF
        Date:       March 2012
        Mailbox:    igor@yahoo-inc.com, 
                    jjaeggli@zynga.com, 
                    warren@kumari.net
        Pages:      12
        Characters: 29480
        Updates/Obsoletes/SeeAlso:   None

        I-D Tag:    draft-ietf-v6ops-v6nd-problems-04.txt

        URL:        http://www.rfc-editor.org/rfc/rfc6583.txt

In IPv4, subnets are generally small, made just large enough to cover
the actual number of machines on the subnet.  In contrast, the
default IPv6 subnet size is a /64, a number so large it covers
trillions of addresses, the overwhelming number of which will be
unassigned.  Consequently, simplistic implementations of Neighbor
Discovery (ND) can be vulnerable to deliberate or accidental denial
of service (DoS), whereby they attempt to perform address resolution
for large numbers of unassigned addresses.  Such denial-of-service
attacks can be launched intentionally (by an attacker) or result from
legitimate operational tools or accident conditions.  As a result of
these vulnerabilities, new devices may not be able to "join" a
network, it may be impossible to establish new IPv6 flows, and
existing IPv6 transported flows may be interrupted.

This document describes the potential for DoS in detail and suggests
possible implementation improvements as well as operational
mitigation techniques that can, in some cases, be used to protect
against or at least alleviate the impact of such attacks.  
[STANDARDS-TRACK]

This document is a product of the IPv6 Operations Working Group of the IETF.


INFORMATIONAL: This memo provides information for the Internet community.
It does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
  http://www.ietf.org/mailman/listinfo/ietf-announce
  http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see http://www.rfc-editor.org/rfcsearch.html.
For downloading RFCs, see http://www.rfc-editor.org/rfc.html.

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor@rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.


The RFC Editor Team
Association Management Solutions, LLC
[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux