Re: [bmwg] draft-cerveny-bmwg-ipv6-nd-02

Nalini Elkins <nalini.elkins@insidethestack.com> Mon, 18 November 2013 16:51 UTC

Date: Mon, 18 Nov 2013 08:48:56 -0800
From: Nalini Elkins <nalini.elkins@insidethestack.com>
To: Bill Cerveny <bmwg@wjcerveny.com>
Cc: "bmwg@ietf.org" <bmwg@ietf.org>

Bill,


> I'm not the right person to answer that question from the perspective of the BMWG. However, benchmarking nodes other than intermediate nodes is outside of the scope for the NDP benchmarking draft, as it is written now.


Sure.

> In regards to the RA-based attacks based on the THC-IPv6 flood_router6 attacks, I perceived this as mostly an operating system security vulnerability, which has been fixed.

Well, I would say that "fixed" is a matter of opinion.   Are you saying that "fixed" means that the operating system does not lock up tighter than a drum?  The routing table in the OS is very messed up.  I will direct a question to Microsoft on this as well.

Bill


On Nov 18, 2013, at 9:55 AM, Nalini Elkins <nalini.elkins@insidethestack.com> wrote:

Bill,
>
>
>Is BMWG only concerned with intermediate nodes?
>
>
>
>
>On Nov 14, 2013, at 8:50 AM, Nalini Elkins <nalini.elkins@insidethestack.com> wrote:
>
>Bill,
>>
>>
>>As I commented at the BMWG meeting, IMHO a few things would be quite valuable to benchmark for IPv6.  I do not know if these are in scope of the charter.  We can certainly discuss further, if desired.
>>
>>
>>1.  The impact of extension headers on performance
>>     There has been quite a bit of discussion in v6ops and 6man about "long" extension headers and ASIC size.  That is, if the header gets too big, then it is routed slowly.   I, for one, would like to see some kind of formal discussion and benchmarking of this.
>
>See http://tools.ietf.org/html/rfc5180#section-5.3, "IPv6 Benchmarking Methodology", section "Traffic with Extension Headers". There may be value in a more in-depth discussion and benchmarking of extension headers and its impact on routers / intermediate nodes.
>
>
>
>>
>>2.  Router advertisements:
>>     Much "bad" stuff can be done with Router Advertisements.   See YouTube video: http://www.youtube.com/watch?v=TfsfNWHCKK0
>>     I believe he got this from: https://www.thc.org/thc-ipv6/ which also has:
>
>This was an interesting attack. I had replicated the behavior described in the YouTube video with Windows 7 and Windows 8 in VMs using flood_router6 in Nov. 2012. Sam Bowne had done a bit of research on this issue, including characterizing the behavior on multiple systems as well as confirming that Microsoft had mostly fixed the problem with patches in 2013.
>
>
>A distinction with the flood_router6 Windows attack is that it didn't attack routers (intermediate nodes), as far as I know, and the attack could "only" be launched from the same "broadcast domain."
>
>
>Bill
>
>>- parasite6: icmp neighbor solicitation/advertisement spoofer, puts you as man-in-the-middle, same as ARP mitm (and parasite)
>>- alive6: an effective alive scanning, which will detect all systems listening to this address
>>- dnsdict6: parallelized dns ipv6 dictionary bruteforcer
>>- fake_router6: announce yourself as a router on the network, with the highest priority
>>- redir6: redirect traffic to you intelligently (man-in-the-middle) with a clever icmp6 redirect spoofer
>>- toobig6: mtu decreaser with the same intelligence as redir6
>>- detect-new-ip6: detect new ip6 devices which join the network, you can run a script to automatically scan these systems etc.
>>- dos-new-ip6: detect new ip6 devices and tell them that their chosen IP collides on the network (DOS).
>>- trace6: very fast traceroute6 with supports ICMP6 echo request and TCP-SYN
>>- flood_router6: flood a target with random router advertisements
>>- flood_advertise6: flood a target with random neighbor advertisements
>>- exploit6: known ipv6 vulnerabilities to test against a target
>>- denial6: a collection of denial-of-service tests against a target
>>- fuzz_ip6: fuzzer for ipv6
>>- implementation6: performs various implementation checks on ipv6
>>- implementation6d: listen daemon for implementation6 to check behind a fw
>>- fake_mld6: announce yourself in a multicast group of your choice on the net
>>- fake_mld26: same but for MLDv2
>>- fake_mldrouter6: fake MLD router messages
>>- fake_mipv6: steal a mobile IP to yours if IPSEC is not needed for authentication
>>- fake_advertiser6: announce yourself on the network
>>- smurf6: local smurfer
>>- rsmurf6: remote smurfer, known to work only against linux at the moment
>>- sendpees6: a tool by willdamn(ad)gmail.com, which generates a neighbor solicitation requests with a lot of CGAs (crypto stuff ;-) to keep the CPU busy. nice.
>>- thcping6: sends a hand crafted ping6 packet
>> 
>> 
>>Thanks,
>>
>>
>>Nalini Elkins
>>Inside Products, Inc.
>>(831) 659-8360
>>www.insidethestack.com
>>
>>
>
>
>
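Added example, not part of the thread or of any participant's code: a monitoring check for the condition discussed above, where a host on the same broadcast domain receives a flood of Router Advertisements from many random senders. The record format (`timestamp source prefix hop-limit`), the window length and both thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict
from ipaddress import IPv6Address, IPv6Network

WINDOW_S = 10      # assumed bucket length in seconds
MAX_ROUTERS = 3    # assumed ceiling on distinct RA senders per window
MAX_PREFIXES = 8   # assumed ceiling on distinct advertised prefixes per window


def parse_ra(line):
    """Parse one constructed record: 'ts src prefix hoplimit'."""
    ts, src, prefix, hlim = line.split()
    return float(ts), IPv6Address(src), IPv6Network(prefix), int(hlim)


def detect_ra_flood(lines):
    """Return (alerts, invalid): windows over threshold and malformed RAs."""
    routers, prefixes, invalid = defaultdict(set), defaultdict(set), []
    for line in lines:
        ts, src, prefix, hlim = parse_ra(line)
        # RFC 4861 section 6.1.2: a valid RA has a link-local source
        # address and an IP hop limit of 255 (i.e. it was sent on-link).
        if not src.is_link_local or hlim != 255:
            invalid.append(line)
            continue
        bucket = int(ts // WINDOW_S)
        routers[bucket].add(src)
        prefixes[bucket].add(prefix)
    alerts = []
    for bucket in sorted(routers):
        r, p = len(routers[bucket]), len(prefixes[bucket])
        if r > MAX_ROUTERS or p > MAX_PREFIXES:
            alerts.append({"window_start": bucket * WINDOW_S,
                           "routers": r, "prefixes": p})
    return alerts, invalid


# Constructed sample data: one steady router, two malformed RAs,
# then a burst of 20 RAs with distinct sources and prefixes.
SAMPLE = [
    "0.5 fe80::1 2001:db8:1::/64 255",
    "4.5 fe80::1 2001:db8:1::/64 255",
    "8.0 2001:db8::bad 2001:db8:2::/64 255",  # source is not link-local
    "9.0 fe80::1 2001:db8:1::/64 64",         # hop limit is not 255
]
SAMPLE += [f"{10 + i * 0.1:.1f} fe80::{i + 0x100:x} 2001:db8:{i + 0x100:x}::/64 255"
           for i in range(20)]
SAMPLE.append("21.0 fe80::1 2001:db8:1::/64 255")

if __name__ == "__main__":
    print(detect_ra_flood(SAMPLE))
```

Counting distinct senders and prefixes rather than raw packet rate keeps a single router that advertises frequently from triggering the alert.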