Re: [bmwg] draft-cerveny-bmwg-ipv6-nd-02

Bill Cerveny <bmwg@wjcerveny.com> Mon, 18 November 2013 15:48 UTC

From: Bill Cerveny <bmwg@wjcerveny.com>
Date: Mon, 18 Nov 2013 10:42:36 -0500
To: Nalini Elkins <nalini.elkins@insidethestack.com>
Cc: "bmwg@ietf.org" <bmwg@ietf.org>
Subject: Re: [bmwg] draft-cerveny-bmwg-ipv6-nd-02

Hi Nalini,

I'm not the right person to answer that question from the perspective of the BMWG. However, benchmarking nodes other than intermediate nodes is outside of the scope for the NDP benchmarking draft, as it is written now.

In regards to the RA-based attacks based on the THC-IPv6 flood_router6 attacks, I perceived this as mostly an operating system security vulnerability, which has been fixed.

Bill

On Nov 18, 2013, at 9:55 AM, Nalini Elkins <nalini.elkins@insidethestack.com> wrote:

> Bill,
> 
> Is BMWG only concerned with intermediate nodes?
> 
> 
> On Nov 14, 2013, at 8:50 AM, Nalini Elkins <nalini.elkins@insidethestack.com> wrote:
> 
>> Bill,
>> 
>> As I commented at the BMWG meeting, IMHO a few things would be quite valuable to benchmark for IPv6.  I do not know if these are in scope of the charter.  We can certainly discuss further, if desired.
>> 
>> 1.  The impact of extension headers on performance
>>      There has been quite a bit of discussion in v6ops and 6man about "long" extension headers and ASIC size.  That is, if the header gets too big, then it is routed slowly.   I, for one, would like to see some kind of formal discussion and benchmarking of this.
> 
> See http://tools.ietf.org/html/rfc5180#section-5.3, "IPv6 Benchmarking Methodology", section "Traffic with Extension Headers". There may be value in a more in-depth discussion and benchmarking of extension headers and their impact on routers / intermediate nodes.
> 
>> 
>> 2.  Router advertisements:
>>      Much "bad" stuff can be done with Router Advertisements. See YouTube video: http://www.youtube.com/watch?v=TfsfNWHCKK0
>>      I believe he got this from: https://www.thc.org/thc-ipv6/ which also has:
> 
> This was an interesting attack. I had replicated the behavior described in the YouTube video with Windows 7 and Windows 8 in VMs using flood_router6 in Nov. 2012. Sam Bowne had done a bit of research on this issue, including characterizing the behavior on multiple systems as well as confirming that Microsoft had mostly fixed the problem with patches in 2013.
> 
> A distinction with the flood_router6 Windows attack is that it didn't attack routers (intermediate nodes), as far as I know, and the attack could "only" be launched from the same "broadcast domain."
> 
> Bill
>> 	- parasite6: icmp neighbor solicitation/advertisement spoofer, puts you as man-in-the-middle, same as ARP mitm (and parasite)
>> 	- alive6: an effective alive scanning, which will detect all systems listening to this address
>> 	- dnsdict6: parallelized dns ipv6 dictionary bruteforcer
>> 	- fake_router6: announce yourself as a router on the network, with the highest priority
>> 	- redir6: redirect traffic to you intelligently (man-in-the-middle) with a clever icmp6 redirect spoofer
>> 	- toobig6: mtu decreaser with the same intelligence as redir6
>> 	- detect-new-ip6: detect new ip6 devices which join the network, you can run a script to automatically scan these systems etc.
>> 	- dos-new-ip6: detect new ip6 devices and tell them that their chosen IP collides on the network (DOS).
>> 	- trace6: very fast traceroute6 which supports ICMP6 echo request and TCP-SYN
>> 	- flood_router6: flood a target with random router advertisements
>> 	- flood_advertise6: flood a target with random neighbor advertisements
>> 	- exploit6: known ipv6 vulnerabilities to test against a target
>> 	- denial6: a collection of denial-of-service tests against a target
>> 	- fuzz_ip6: fuzzer for ipv6
>> 	- implementation6: performs various implementation checks on ipv6
>> 	- implementation6d: listen daemon for implementation6 to check behind a fw
>> 	- fake_mld6: announce yourself in a multicast group of your choice on the net
>> 	- fake_mld26: same but for MLDv2
>> 	- fake_mldrouter6: fake MLD router messages
>> 	- fake_mipv6: steal a mobile IP to yours if IPSEC is not needed for authentication
>> 	- fake_advertiser6: announce yourself on the network
>> 	- smurf6: local smurfer
>> 	- rsmurf6: remote smurfer, known to work only against linux at the moment
>> 	- sendpees6: a tool by willdamn(ad)gmail.com, which generates neighbor solicitation requests with a lot of CGAs (crypto stuff ;-) to keep the CPU busy. nice.
>> 	- thcping6: sends a hand crafted ping6 packet
>> 
>> Thanks,
>> 
>> Nalini Elkins
>> Inside Products, Inc.
>> (831) 659-8360
>> www.insidethestack.com
>> 
>>  
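A defender-side detector for the router-advertisement flood behaviour discussed above (the flood_router6 case), as an added example that is not part of the original messages or of THC-IPv6. It assumes RAs have already been decoded into records; the `RA` record shape, the thresholds and the sample capture are constructed for illustration.

```python
"""Flag router-advertisement (RA) floods of the flood_router6 kind.

Added example, not code from the thread or from THC-IPv6. RAs are assumed
to be already decoded into records; the sample input is constructed.
Check 1: RFC 4861 s6.1.2 requires a link-local RA source; others are dropped.
Check 2: many RAs / distinct prefixes from one link in a short window is a
flood; a real router repeats a few prefixes slowly. Thresholds are assumed.
"""
import ipaddress
from collections import deque, namedtuple

# ts: seconds since capture start; prefix: advertised prefix, "2001:db8:1::/64"
RA = namedtuple("RA", "ts src_mac src_ip prefix")

def valid_source(ra):
    """RA validation rule from RFC 4861 s6.1.2: source must be in fe80::/10."""
    return ipaddress.IPv6Address(ra.src_ip).is_link_local

def detect_ra_flood(ras, window=1.0, max_ra=10, max_prefixes=5):
    """Return one alert (ts, ra_count, prefix_count, mac_count) per window in
    which the RA count or the distinct-prefix count exceeds its threshold."""
    recent, alerts, alerted_until = deque(), [], -1.0
    for ra in sorted(ras, key=lambda r: r.ts):
        if not valid_source(ra):
            continue                      # a conforming host discards it too
        recent.append(ra)
        while ra.ts - recent[0].ts > window:
            recent.popleft()              # slide the window forward
        prefixes = {r.prefix for r in recent}
        if ((len(recent) > max_ra or len(prefixes) > max_prefixes)
                and ra.ts > alerted_until):
            alerts.append((ra.ts, len(recent), len(prefixes),
                           len({r.src_mac for r in recent})))
            alerted_until = ra.ts + window   # one alert per window
    return alerts

def sample_events():
    """Constructed capture: a legitimate router, a 30-RA burst, one bogus RA."""
    legit = [RA(t, "00:11:22:33:44:55", "fe80::1", "2001:db8:1::/64")
             for t in (0.0, 200.0, 400.0)]
    burst = [RA(600.0 + i * 0.015, f"02:00:00:00:00:{i:02x}",     # fresh MAC,
                f"fe80::{0x100 + i:x}", f"2001:db8:{0xbad0 + i:x}::/64")  # prefix
             for i in range(30)]
    bogus = [RA(700.0, "00:11:22:33:44:66", "2001:db8::dead", "2001:db8:2::/64")]
    return legit + burst + bogus

if __name__ == "__main__":
    for ts, n, p, m in detect_ra_flood(sample_events()):
        print(f"t={ts:.3f}s RA flood: {n} RAs, {p} prefixes, {m} sources")
```

On the constructed capture the legitimate router never trips either threshold, the burst raises a single alert once the sixth distinct prefix appears, and the RA with a global source address is discarded before counting.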