I-D Action: draft-gont-opsec-icmp-ingress-filtering-03.txt
internet-drafts@ietf.org Mon, 03 July 2017 22:06 UTC
Return-Path: <internet-drafts@ietf.org>
X-Original-To: i-d-announce@ietf.org
Delivered-To: i-d-announce@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id DBCA212EE45 for <i-d-announce@ietf.org>; Mon, 3 Jul 2017 15:06:15 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Subject: I-D Action: draft-gont-opsec-icmp-ingress-filtering-03.txt
X-Test-IDTracker: no
X-IETF-IDTracker: 6.55.2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <149911957587.16124.2045446077064391986@ietfa.amsl.com>
Date: Mon, 03 Jul 2017 15:06:15 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/i-d-announce/iBl9N_7c1wUbl8TUHZ-k6LLU938>
X-BeenThere: i-d-announce@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Internet Draft Announcements only <i-d-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i-d-announce/>
List-Post: <mailto:i-d-announce@ietf.org>
List-Help: <mailto:i-d-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Jul 2017 22:06:16 -0000
A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : Defeating Attacks which employ Forged ICMPv4/ICMPv6 Error Messages
Authors : Fernando Gont
Ray Hunter
Jeroen Massar
Will(Shucheng) Liu
Filename : draft-gont-opsec-icmp-ingress-filtering-03.txt
Pages : 10
Date : 2017-07-03
Abstract:
Over the years, a number of attack vectors that employ forged ICMPv4/
ICMPv6 error messages have been disclosed and exploited in the wild.
The aforementioned attack vectors do not require that the source
address of the packets be forged, but do require that the addresses
of the IPv4/IPv6 packet embedded in the ICMPv4/ICMPv6 payload be
forged. This document discusses a simple, effective, and
straightforward method for using ingress traffic filtering to
mitigate attacks that use forged addresses in the IPv4/IPv6 packet
embedded in an ICMPv4/ICMPv6 payload.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-gont-opsec-icmp-ingress-filtering/
There are also htmlized versions available at:
https://tools.ietf.org/html/draft-gont-opsec-icmp-ingress-filtering-03
https://datatracker.ietf.org/doc/html/draft-gont-opsec-icmp-ingress-filtering-03
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-gont-opsec-icmp-ingress-filtering-03
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
- I-D Action: draft-gont-opsec-icmp-ingress-filteriā¦ internet-drafts