[ipv6hackers] New IETF I-D on IPv6 ND SLLA/TLLA options (forwarding loops)
Fernando Gont
fgont at si6networks.com
Fri Feb 14 15:59:35 CET 2014
Folks,
We have published a new IETF I-D on issues arising from "malicious"
Neighbor Discovery SLLA/TLLA options. The I-D is available at:
<http://www.ietf.org/internet-drafts/draft-gont-6man-lla-opt-validation-00.txt>
We'd welcome any comments. If you feel like sending feedback, please
send it to "draft-gont-6man-lla-opt-validation at tools.ietf.org" (without
the quotes), and make sure to CC "ipv6 at ietf.org" (without the quotes).
The aforementioned issues can, of course, be reproduced with THC-IPv6
and the IPv6 toolkit (http://www.si6networks.com/tools/ipv6toolkit).
Thanks!
Best regards,
Fernando
-------- Original Message --------
From: internet-drafts at ietf.org
To: Shucheng LIU (Will) <liushucheng at huawei.com>, Will (Shucheng) Liu
<liushucheng at huawei.com>, Fernando Gont <fgont at si6networks.com>, Ron
Bonica <rbonica at juniper.net>, Fernando Gont <fgont at si6networks.com>,
Ronald P. Bonica <rbonica at juniper.net>
Subject: New Version Notification for
draft-gont-6man-lla-opt-validation-00.txt
X-Test-IDTracker: no
X-IETF-IDTracker: 5.0.0.p1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20140214145359.7925.43448.idtracker at ietfa.amsl.com>
Date: Fri, 14 Feb 2014 06:53:59 -0800
A new version of I-D, draft-gont-6man-lla-opt-validation-00.txt
has been successfully submitted by Fernando Gont and posted to the
IETF repository.
Name: draft-gont-6man-lla-opt-validation
Revision: 00
Title: Validation of Neighbor Discovery Source Link-Layer Address
(SLLA) and Target Link-layer Address (TLLA) options
Document date: 2014-02-14
Group: Individual Submission
Pages: 10
URL:
http://www.ietf.org/internet-drafts/draft-gont-6man-lla-opt-validation-00.txt
Status:
https://datatracker.ietf.org/doc/draft-gont-6man-lla-opt-validation/
Htmlized:
http://tools.ietf.org/html/draft-gont-6man-lla-opt-validation-00
Abstract:
This memo documents two scenarios in which an on-link attacker emits
a crafted IPv6 Neighbor Discovery (ND) packet that poisons its
victim's neighbor cache. In the first scenario, the attacker causes
a victim to map a local IPv6 address to a local router's own link-
layer address. In the second scenario, the attacker causes the
victim to map a unicast IP address to a link-layer broadcast address.
In both scenarios, the attacker can exploit the poisoned neighbor
cache to perform a subsequent forwarding-loop attack, thus
potentially causing a Denial of Service.
Finally, this memo specifies simple validations that the recipient of
an ND message can execute in order to protect itself against the
above-mentioned threats.
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
The IETF Secretariat
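The abstract above describes two neighbor-cache poisoning scenarios and says the draft specifies receiver-side validations against them. The following Python is an added illustration of what such validation looks like on the receiving host; it is not code from the draft, the post, or the si6networks toolkit, and the two checks it implements (reject a group link-layer address; reject a known router's link-layer address when the mapped IPv6 address is not that router) are modelled on the two scenarios in the abstract, not taken from the draft's text. The option layout follows RFC 4861 (type, length in 8-octet units, body); the router table, MAC addresses and packets are constructed sample data.

```python
"""Added example: validating ND SLLA/TLLA options on receipt (constructed, not from the draft)."""
import ipaddress

# Neighbor Discovery option types (RFC 4861, section 4.6.1)
OPT_SLLA = 1  # Source Link-Layer Address
OPT_TLLA = 2  # Target Link-Layer Address
ETH_ALEN = 6  # IEEE 802 (Ethernet) address length in octets


def parse_nd_options(block):
    """Split an ND option block into (type, body) pairs.

    Options are TLV-encoded with the length in units of 8 octets (RFC 4861).
    A zero length or an option that overruns the packet means the whole
    packet must be discarded, so we raise instead of guessing.
    """
    opts = []
    off = 0
    while off < len(block):
        if len(block) - off < 2:
            raise ValueError("truncated option header")
        opt_type, length = block[off], block[off + 1]
        if length == 0:
            raise ValueError("zero-length option")
        size = length * 8
        if off + size > len(block):
            raise ValueError("option runs past end of packet")
        opts.append((opt_type, block[off + 2:off + size]))
        off += size
    return opts


def check_lla_option(opt_type, body, mapped_addr, router_llas):
    """Return None if the option is acceptable, otherwise the reason to drop it.

    mapped_addr is the IPv6 address the option would bind to the link-layer
    address: the packet source for an SLLA, the ND target for a TLLA.
    router_llas maps each known router's IPv6 address to its link-layer address.
    """
    if opt_type not in (OPT_SLLA, OPT_TLLA):
        return None
    if len(body) < ETH_ALEN:
        return "link-layer address option too short"
    lla = body[:ETH_ALEN]
    # Second scenario in the abstract: a unicast IPv6 address must never be mapped
    # to a group (multicast/broadcast) link-layer address; on Ethernet the
    # low-order bit of the first octet (the I/G bit) marks a group address.
    if lla[0] & 0x01:
        return "link-layer address is a group (multicast/broadcast) address"
    # First scenario: do not let an IPv6 address that is not a known router claim
    # that router's link-layer address (assumed check modelled on the abstract).
    for router_ip, router_lla in router_llas.items():
        if lla == router_lla and mapped_addr != router_ip:
            return f"link-layer address belongs to router {router_ip}"
    return None


def check_nd_options(block, mapped_addr, router_llas):
    """Run check_lla_option over every option; return the list of rejection reasons."""
    reasons = []
    for opt_type, body in parse_nd_options(block):
        reason = check_lla_option(opt_type, body, mapped_addr, router_llas)
        if reason:
            reasons.append(reason)
    return reasons


# --- constructed sample data (hypothetical addresses, not captured traffic) ---
ROUTER_IP = ipaddress.IPv6Address("fe80::1")
ROUTER_LLA = bytes.fromhex("020000000001")  # hypothetical router MAC
HOST_LLA = bytes.fromhex("0200aabbccdd")    # hypothetical host MAC
ROUTERS = {ROUTER_IP: ROUTER_LLA}
OTHER_HOST = ipaddress.IPv6Address("fe80::2")

NA_GOOD = bytes([OPT_TLLA, 1]) + HOST_LLA                             # ordinary NA
NA_BROADCAST = bytes([OPT_TLLA, 1]) + bytes.fromhex("ffffffffffff")   # second scenario
NS_ROUTER_SPOOF = bytes([OPT_SLLA, 1]) + ROUTER_LLA                   # first scenario
RA_LEGIT = bytes([OPT_SLLA, 1]) + ROUTER_LLA                          # router advertising itself

if __name__ == "__main__":
    for name, block, addr in [("NA_GOOD", NA_GOOD, OTHER_HOST),
                              ("NA_BROADCAST", NA_BROADCAST, OTHER_HOST),
                              ("NS_ROUTER_SPOOF", NS_ROUTER_SPOOF, OTHER_HOST),
                              ("RA_LEGIT", RA_LEGIT, ROUTER_IP)]:
        print(name, check_nd_options(block, addr, ROUTERS) or "accepted")
```

A real stack would run these checks before updating the neighbor cache and would also apply them to a Redirect's Target Link-Layer Address option, which carries the same TLV body; the router table here stands in for the Default Router List that the host already maintains.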