[ipv6hackers] Fwd: RFC 7113 on Implementation Advice for IPv6 Router Advertisement Guard (RA-Guard)

Fernando Gont fgont at si6networks.com
Fri Feb 14 07:30:36 CET 2014


FYI: <http://www.rfc-editor.org/rfc/rfc7113.txt>

(The "implementation guidelines" are mostly useful for vendors. The
evasion techniques are useful to us all.)

Cheers,
Fernando




-------- Original Message --------
Subject: [v6ops] RFC 7113 on Implementation Advice for IPv6 Router
Advertisement Guard (RA-Guard)
Date: Tue, 11 Feb 2014 13:55:26 -0800 (PST)
From: rfc-editor at rfc-editor.org
To: ietf-announce at ietf.org, rfc-dist at rfc-editor.org
CC: drafts-update-ref at iana.org, v6ops at ietf.org, rfc-editor at rfc-editor.org

A new Request for Comments is now available in online RFC libraries.


        RFC 7113

        Title:      Implementation Advice for IPv6 Router
                    Advertisement Guard (RA-Guard)
        Author:     F. Gont
        Status:     Informational
        Stream:     IETF
        Date:       February 2014
        Mailbox:    fgont at si6networks.com
        Pages:      13
        Characters: 29272
        Updates:    RFC 6105

        I-D Tag:    draft-ietf-v6ops-ra-guard-implementation-07.txt

        URL:        http://www.rfc-editor.org/rfc/rfc7113.txt

The IPv6 Router Advertisement Guard (RA-Guard) mechanism is commonly
employed to mitigate attack vectors based on forged ICMPv6 Router
Advertisement messages.  Many existing IPv6 deployments rely on
RA-Guard as the first line of defense against the aforementioned attack
vectors.  However, some implementations of RA-Guard have been found
to be prone to circumvention by employing IPv6 Extension Headers.
This document describes the evasion techniques that affect the
aforementioned implementations and formally updates RFC 6105, such
that the aforementioned RA-Guard evasion vectors are eliminated.

This document is a product of the IPv6 Operations Working Group of the IETF.


INFORMATIONAL: This memo provides information for the Internet community.
It does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
  http://www.ietf.org/mailman/listinfo/ietf-announce
  http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see
http://www.rfc-editor.org/search/rfc_search.php
For downloading RFCs, see http://www.rfc-editor.org/rfc.html

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor at rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.


The RFC Editor Team
Association Management Solutions, LLC


_______________________________________________
v6ops mailing list
v6ops at ietf.org
https://www.ietf.org/mailman/listinfo/v6ops






More information about the Ipv6hackers mailing list