Re: FW: New Version Notification for draft-gont-6man-lla-opt-validation-00.txt

Jen Linkova <furry13@gmail.com> Tue, 04 March 2014 19:25 UTC

To: Ronald Bonica <rbonica@juniper.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/ipv6/8WCME1JO44oDesBYYJzICbdnfF8
Cc: Fernando Gont <fgont@si6networks.com>, 6man <ipv6@ietf.org>

Hi Ron,

A few years ago I observed a situation where multicast MAC <-> unicast VIP
mapping (in ARP replies) was used by Microsoft server load balancing. Not
sure if it is still the case and if they are using the same trick for IPv6,
but IMHO it is worth investigating before prohibiting it.

On 14 Feb 2014 20:36, "Ronald Bonica" <rbonica@juniper.net> wrote:

> Folks,
>
> Please review and provide comments.
>
>                    Ron
>
>
> -----Original Message-----
> From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
> Sent: Friday, February 14, 2014 9:54 AM
> To: Shucheng LIU (Will); Will Liu; Fernando Gont; Ronald Bonica; Fernando
> Gont; Ronald Bonica
> Subject: New Version Notification for
> draft-gont-6man-lla-opt-validation-00.txt
>
>
> A new version of I-D, draft-gont-6man-lla-opt-validation-00.txt
> has been successfully submitted by Fernando Gont and posted to the IETF
> repository.
>
> Name:           draft-gont-6man-lla-opt-validation
> Revision:       00
> Title:          Validation of Neighbor Discovery Source Link-Layer Address
> (SLLA) and Target Link-layer Address (TLLA) options
> Document date:  2014-02-14
> Group:          Individual Submission
> Pages:          10
> URL:
> http://www.ietf.org/internet-drafts/draft-gont-6man-lla-opt-validation-00.txt
> Status:
> https://datatracker.ietf.org/doc/draft-gont-6man-lla-opt-validation/
> Htmlized:
> http://tools.ietf.org/html/draft-gont-6man-lla-opt-validation-00
>
>
> Abstract:
>    This memo documents two scenarios in which an on-link attacker emits
>    a crafted IPv6 Neighbor Discovery (ND) packet that poisons its
>    victim's neighbor cache.  In the first scenario, the attacker causes
>    a victim to map a local IPv6 address to a local router's own link-
>    layer address.  In the second scenario, the attacker causes the
>    victim to map a unicast IP address to a link layer broadcast address.
>    In both scenarios, the attacker can exploit the poisoned neighbor
>    cache to perform a subsequent forwarding-loop attack, thus
>    potentially causing a Denial of Service.
>
>    Finally, this memo specifies simple validations that the recipient of
>    an ND message can execute in order to protect itself against the
>    above-mentioned threats.
>
>
>
>
> Please note that it may take a couple of minutes from the time of
> submission until the htmlized version and diff are available at
> tools.ietf.org.
>
> The IETF Secretariat
>
>
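
Added example, not part of the original message and not taken from the draft: a receiver-side check of SLLA/TLLA options against the two scenarios in the abstract, with the multicast case left as a configurable policy because of the load-balancing deployment mentioned in the reply. The function names, the `Verdict` values, the default policy and the sample addresses are assumptions made for illustration; the option layout (type, length in 8-octet units, address) is the RFC 4861 format for Ethernet.

```python
from enum import Enum

SLLA, TLLA = 1, 2            # ND option types (RFC 4861)
BROADCAST = b"\xff" * 6      # Ethernet broadcast address

class Verdict(Enum):
    ACCEPT = "accept"
    FLAG = "flag"            # accept, but log for review (assumed policy value)
    DROP = "drop"

def lla_options(options: bytes):
    """Yield the 6-byte address of each Ethernet SLLA/TLLA option."""
    i = 0
    while i < len(options):
        if i + 2 > len(options) or options[i + 1] == 0:
            raise ValueError("malformed ND option")   # zero length or cut short
        end = i + options[i + 1] * 8                  # length is in 8-octet units
        if end > len(options):
            raise ValueError("truncated ND option")
        if options[i] in (SLLA, TLLA) and options[i + 1] == 1:
            yield options[i + 2:end]
        i = end

def check_lla(mac, own_macs, multicast_policy=Verdict.FLAG):
    if mac == BROADCAST:
        return Verdict.DROP          # second scenario: unicast IP -> broadcast
    if mac in own_macs:
        return Verdict.DROP          # first scenario: maps to receiver's own address
    if mac[0] & 0x01:                # group bit set: multicast link-layer address
        return multicast_policy      # site decision, see the reply above
    return Verdict.ACCEPT

def validate(options, own_macs, multicast_policy=Verdict.FLAG):
    """Return the strictest verdict over all link-layer address options."""
    try:
        verdicts = [check_lla(m, own_macs, multicast_policy)
                    for m in lla_options(options)]
    except ValueError:
        return Verdict.DROP
    for v in (Verdict.DROP, Verdict.FLAG):
        if v in verdicts:
            return v
    return Verdict.ACCEPT

# Constructed sample data (not captured traffic).
OWN = {bytes.fromhex("020000000001")}
def opt(kind, mac_hex):
    return bytes([kind, 1]) + bytes.fromhex(mac_hex)
```

Passing `multicast_policy=Verdict.DROP` gives the strict behaviour; the default only flags multicast mappings so that a deployment relying on them keeps working while it is investigated.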