I-D Action: draft-gont-opsec-icmp-ingress-filtering-02.txt
internet-drafts@ietf.org Mon, 21 March 2016 23:23 UTC
Return-Path: <internet-drafts@ietf.org>
X-Original-To: i-d-announce@ietf.org
Delivered-To: i-d-announce@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 49A0812D146 for <i-d-announce@ietf.org>; Mon, 21 Mar 2016 16:23:50 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Subject: I-D Action: draft-gont-opsec-icmp-ingress-filtering-02.txt
X-Test-IDTracker: no
X-IETF-IDTracker: 6.17.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20160321232350.12191.41643.idtracker@ietfa.amsl.com>
Date: Mon, 21 Mar 2016 16:23:50 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/i-d-announce/uaPmnez-7FiWh7rqO2IqQUQ3-ko>
X-BeenThere: i-d-announce@ietf.org
X-Mailman-Version: 2.1.17
Reply-To: internet-drafts@ietf.org
List-Id: Internet Draft Announcements only <i-d-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i-d-announce/>
List-Post: <mailto:i-d-announce@ietf.org>
List-Help: <mailto:i-d-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Mar 2016 23:23:50 -0000
A New Internet-Draft is available from the on-line Internet-Drafts directories. Title : Defeating Attacks which employ Forged ICMP/ICMPv6 Error Messages Authors : Fernando Gont Ray Hunter Jeroen Massar Will(Shucheng) Liu Filename : draft-gont-opsec-icmp-ingress-filtering-02.txt Pages : 10 Date : 2016-03-21 Abstract: Over the years, a number of attack vectors that employ forged ICMP/ ICMPv6 error messages have been disclosed and exploited in the wild. The aforementioned attack vectors do not require that the source address of the packets be forged, but do require that the addresses of the IP/IPv6 packet embedded in the ICMP/ICMPv6 payload be forged. This document discusses a simple, effective, and straightforward method for using ingress traffic filtering to mitigate attacks that use forged addresses in the IP/IPv6 packet embedded in an ICMP/ICMPv6 payload. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-gont-opsec-icmp-ingress-filtering/ There's also a htmlized version available at: https://tools.ietf.org/html/draft-gont-opsec-icmp-ingress-filtering-02 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-gont-opsec-icmp-ingress-filtering-02 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/
- I-D Action: draft-gont-opsec-icmp-ingress-filteriā¦ internet-drafts