I-D Action: draft-gont-6man-ipv6-smurf-amplifier-02.txt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



A New Internet-Draft is available from the on-line Internet-Drafts directories.


	Title           : Security Implications of IPv6 Options of Type 10xxxxxx
	Author(s)       : Fernando Gont
                          Will Liu
	Filename        : draft-gont-6man-ipv6-smurf-amplifier-02.txt
	Pages           : 11
	Date            : 2013-01-24

Abstract:
   When an IPv6 node processing an IPv6 packet does not support an IPv6
   option whose two-highest-order bits of the Option Type are '10', it
   is required to respond with an ICMPv6 Parameter Problem error
   message, even if the Destination Address of the packet was a
   multicast address.  This feature provides an amplification vector,
   opening the door to an IPv6 version of the 'Smurf' Denial-of-Service
   (DoS) attack found in IPv4 networks.  This document discusses the
   security implications of the aforementioned options, and formally
   updates RFC 2460 and RFC 4443 such that this attack vector is
   eliminated.  Additionally, it describes a number of operational
   mitigations that could be deployed against this attack vector.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-gont-6man-ipv6-smurf-amplifier

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-gont-6man-ipv6-smurf-amplifier-02

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-gont-6man-ipv6-smurf-amplifier-02


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt


[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux