[ipv6hackers] New IETF I-D on IPv6 ND SLLA/TLLA options (forwarding loops)

Fernando Gont fgont at si6networks.com
Fri Feb 14 15:59:35 CET 2014


We have published a new IETF I-D on issues arising from "malicious"
Neighbor Discovery SLLA/TLLA options. The I-D is available at:

We'd welcome any comments. If you feel like sending feedback, please
send it to "draft-gont-6man-lla-opt-validation at tools.ietf.org" (without
the quotes), and make sure to CC "ipv6 at ietf.org" (without the quotes).

The aforementioned issues can, of course, be reproduced with THC-IPv6
and the IPv6 toolkit (http://www.si6networks.com/tools/ipv6toolkit).


Best regards,

-------- Original Message --------
From: - Fri Feb 14 11:54:20 2014
From: internet-drafts at ietf.org
To: Shucheng LIU (Will) <liushucheng at huawei.com>, Will (Shucheng) Liu
<liushucheng at huawei.com>, Fernando Gont <fgont at si6networks.com>, Ron
Bonica <rbonica at juniper.net>, Fernando Gont <fgont at si6networks.com>,
Ronald P. Bonica <rbonica at juniper.net>
Subject: New Version Notification for
X-Test-IDTracker: no
X-IETF-IDTracker: 5.0.0.p1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20140214145359.7925.43448.idtracker at ietfa.amsl.com>
Date: Fri, 14 Feb 2014 06:53:59 -0800

A new version of I-D, draft-gont-6man-lla-opt-validation-00.txt
has been successfully submitted by Fernando Gont and posted to the
IETF repository.

Name:		draft-gont-6man-lla-opt-validation
Revision:	00
Title:		Validation of Neighbor Discovery Source Link-Layer Address
(SLLA) and Target Link-layer Address (TLLA) options
Document date:	2014-02-14
Group:		Individual Submission
Pages:		10

   This memo documents two scenarios in which an on-link attacker emits
   a crafted IPv6 Neighbor Discovery (ND) packet that poisons its
   victim's neighbor cache.  In the first scenario, the attacker causes
   a victim to map a local IPv6 address to a local router's own link-
   layer address.  In the second scenario, the attacker causes the
   victim to map a unicast IP address to a link layer broadcast address.
   In both scenarios, the attacker can exploit the poisoned neighbor
   cache to perform a subsequent forwarding-loop attack, thus
   potentially causing a Denial of Service.

   Finally, this memo specifies simple validations that the recipient of
   an ND message can execute in order to protect itself against the
   above-mentioned threats.

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
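The recipient-side validations the abstract describes, as an added example written for this post (it is not code from the draft, from THC-IPv6 or from the IPv6 toolkit): a parser for the RFC 4861 ND option area that refuses SLLA/TLLA options carrying a group (broadcast/multicast) link-layer address or the recipient's own address. The draft's exact rules are not on this page; the two checks are this example's reading of the two scenarios in the abstract, and the MAC addresses used are constructed.

```python
# Neighbor Discovery option types from RFC 4861 that carry a link-layer address.
LLA_OPTIONS = {1: "SLLA", 2: "TLLA"}


def parse_nd_options(opts: bytes):
    """Yield (type, value) for each TLV option; length counts 8-octet units incl. header."""
    off = 0
    while off < len(opts):
        if len(opts) - off < 2:
            raise ValueError("truncated option header")
        otype, olen = opts[off], opts[off + 1]
        if olen == 0:  # RFC 4861: a zero-length option means the packet is discarded
            raise ValueError("zero-length option")
        end = off + olen * 8
        if end > len(opts):
            raise ValueError("option overruns message")
        yield otype, opts[off + 2:end]
        off = end


def lla_problem(value: bytes, reserved_macs: set):
    """Return why an Ethernet SLLA/TLLA must be refused, or None if it is acceptable."""
    if len(value) != 6:  # an Ethernet address option is exactly one 8-octet unit
        return "unexpected link-layer address length"
    # Scenario 2 of the abstract: a unicast IP mapped to a group address (I/G bit set),
    # which covers ff:ff:ff:ff:ff:ff and the 33:33:xx:xx:xx:xx IPv6 multicast range.
    if value[0] & 0x01:
        return "link-layer address is a broadcast/multicast address"
    # Scenario 1 (this example's reading): an address mapped to a link-layer
    # address the recipient itself uses, so it would forward packets to itself.
    if value in reserved_macs:
        return "link-layer address belongs to the recipient"
    return None


def check_nd_message(opts: bytes, own_mac: bytes) -> list:
    """Collect rejection reasons for every SLLA/TLLA in an ND option area; [] means accept."""
    problems = []
    for otype, value in parse_nd_options(opts):
        if otype in LLA_OPTIONS:
            why = lla_problem(value, {own_mac})
            if why:
                problems.append(f"{LLA_OPTIONS[otype]}: {why}")
    return problems


if __name__ == "__main__":
    own = bytes.fromhex("001122334455")  # constructed recipient MAC
    # Constructed option areas: benign SLLA, TLLA = broadcast, SLLA = recipient's own MAC.
    for opts in (bytes([1, 1]) + bytes.fromhex("02aabbccddee"),
                 bytes([2, 1]) + b"\xff" * 6,
                 bytes([1, 1]) + own):
        print(opts.hex(), "->", check_nd_message(opts, own) or "accept")
```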
