I-D Action: draft-gont-opsec-icmp-ingress-filtering-02.txt
internet-drafts@ietf.org Mon, 21 March 2016 23:23 UTC
Return-Path: <internet-drafts@ietf.org>
X-Original-To: i-d-announce@ietf.org
Delivered-To: i-d-announce@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 49A0812D146 for <i-d-announce@ietf.org>; Mon, 21 Mar 2016 16:23:50 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Subject: I-D Action: draft-gont-opsec-icmp-ingress-filtering-02.txt
X-Test-IDTracker: no
X-IETF-IDTracker: 6.17.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20160321232350.12191.41643.idtracker@ietfa.amsl.com>
Date: Mon, 21 Mar 2016 16:23:50 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/i-d-announce/uaPmnez-7FiWh7rqO2IqQUQ3-ko>
X-BeenThere: i-d-announce@ietf.org
X-Mailman-Version: 2.1.17
Reply-To: internet-drafts@ietf.org
List-Id: Internet Draft Announcements only <i-d-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i-d-announce/>
List-Post: <mailto:i-d-announce@ietf.org>
List-Help: <mailto:i-d-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Mar 2016 23:23:50 -0000
A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : Defeating Attacks which employ Forged ICMP/ICMPv6 Error Messages
Authors : Fernando Gont
Ray Hunter
Jeroen Massar
Will(Shucheng) Liu
Filename : draft-gont-opsec-icmp-ingress-filtering-02.txt
Pages : 10
Date : 2016-03-21
Abstract:
Over the years, a number of attack vectors that employ forged ICMP/
ICMPv6 error messages have been disclosed and exploited in the wild.
The aforementioned attack vectors do not require that the source
address of the packets be forged, but do require that the addresses
of the IP/IPv6 packet embedded in the ICMP/ICMPv6 payload be forged.
This document discusses a simple, effective, and straightforward
method for using ingress traffic filtering to mitigate attacks that
use forged addresses in the IP/IPv6 packet embedded in an ICMP/ICMPv6
payload.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-gont-opsec-icmp-ingress-filtering/
There's also a htmlized version available at:
https://tools.ietf.org/html/draft-gont-opsec-icmp-ingress-filtering-02
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-gont-opsec-icmp-ingress-filtering-02
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
- I-D Action: draft-gont-opsec-icmp-ingress-filteriā¦ internet-drafts