[ipv6hackers] Fwd: [v6ops] I-D Action: draft-ietf-v6ops-ra-guard-implementation-00.txt

Fernando Gont fgont at si6networks.com
Wed Feb 15 11:13:37 CET 2012


FYI: This one has just been accepted by the v6ops wg of the IETF.

Any feedback will be appreciated.


-------- Original Message --------
Subject: [v6ops] I-D Action: draft-ietf-v6ops-ra-guard-implementation-00.txt
Date: Mon, 13 Feb 2012 10:08:07 -0800
From: internet-drafts at ietf.org
To: i-d-announce at ietf.org
CC: v6ops at ietf.org

A New Internet-Draft is available from the on-line Internet-Drafts
directories. This draft is a work item of the IPv6 Operations Working
Group of the IETF.

	Title           : Implementation Advice for IPv6 Router Advertisement
Guard (RA-Guard)
	Author(s)       : Fernando Gont
	Filename        : draft-ietf-v6ops-ra-guard-implementation-00.txt
	Pages           : 16
	Date            : 2012-02-12

   The IPv6 Router Advertisement Guard (RA-Guard) mechanism is commonly
   employed to mitigate attack vectors based on forged ICMPv6 Router
   Advertisement messages.  Many existing IPv6 deployments rely on RA-
   Guard as the first line of defense against the aforementioned attack
   vectors.  However, some implementations of RA-Guard have been found
   to be prone to circumvention by employing IPv6 Extension Headers.
   This document describes the evasion techniques that affect the
   aforementioned implementations, and provides advice on the
   implementation of RA-Guard, such that the RA-Guard evasion vectors
   are eliminated.

A URL for this Internet-Draft is:

Internet-Drafts are also available by anonymous FTP at:

This Internet-Draft can be retrieved at:

v6ops mailing list
v6ops at ietf.org

More information about the Ipv6hackers mailing list