Re: Question for IPv6 w.g. on [Re: IPv6 Type 0 Routing Header issues]

David Malone <dwmalone@maths.tcd.ie> Thu, 26 April 2007 11:11 UTC

Date: Thu, 26 Apr 2007 12:11:13 +0100
From: David Malone <dwmalone@maths.tcd.ie>
To: Brian E Carpenter <brc@zurich.ibm.com>
Cc: IETF IPv6 Mailing List <ipv6@ietf.org>

On Thu, Apr 26, 2007 at 12:16:46PM +0200, Brian E Carpenter wrote:
> Excuse my ignorance, but have the following three rules ever been
> considered?
> 
> 1. The list of addresses in an RH0 MUST NOT include the packet's source 
> address.
> 2. The same address MUST NOT occur more than once in an RH0.
> 3. A node processing an RH0 MUST discard any packet breaking these two 
> rules.
> 
> I'd be interested in whether this would eliminate the various attacks.

I think we did talk about some rules like this before, maybe about
the time of the security considerations draft. I think these rules
make the attack only slightly more difficult, while at the same
time making some possibly valid uses of RH0 require trickery.

For example, these rules make it hard to use traceroute to find a
round-trip route from me to you. The obvious thing to do here is
do a traceroute where SRC=me, RH0[0]=you, RH0[1]=me. Of course, I
can always get almost the same information by doing SRC=me, RH0[0]=you,
RH0[1]=someone_in_my_subnet.

You can use the same idea to make the attacks work even with the
restrictions above. If I want to flood a link, I find hosts X1 ...
XN on one side of the link and Y1 ... YN on the other side. Then I
send lots of packets with RH0[0] = X1, RH0[1] = Y1, RH0[2] = X2,
RH0[3] = Y2, ...

	David.

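Added example, not part of the original message: a parser for the RFC 2460 Type 0 Routing Header that applies rules 1 and 2 from the quoted text and also counts how often consecutive listed hops change sides of a link, which is the property those two rules leave unchecked. The addresses are constructed from the 2001:db8::/32 documentation prefix, and all function and variable names are hypothetical.

```python
import ipaddress
import struct

def parse_rh0(hdr: bytes):
    """Parse an RFC 2460 Type 0 Routing Header; return (segments_left, addresses)."""
    if len(hdr) < 8:
        raise ValueError("truncated routing header")
    _next_hdr, ext_len, rtype, segs_left = struct.unpack_from("!BBBB", hdr)
    if rtype != 0:
        raise ValueError("not a Type 0 routing header")
    # Hdr Ext Len counts 8-octet units after the first 8; one address is 2 units.
    if ext_len % 2 or len(hdr) != 8 + 8 * ext_len:
        raise ValueError("bad Hdr Ext Len")
    count = ext_len // 2
    if segs_left > count:
        raise ValueError("Segments Left exceeds address count")
    addrs = [ipaddress.IPv6Address(hdr[8 + 16 * i:24 + 16 * i]) for i in range(count)]
    return segs_left, addrs

def passes_proposed_rules(src, addrs):
    """Rules 1 and 2 from the quoted message: no source address, no repeats."""
    return src not in addrs and len(set(addrs)) == len(addrs)

def link_crossings(addrs, side_a, side_b):
    """Count consecutive hops that move from one side of a link to the other."""
    def side(addr):
        return "A" if addr in side_a else "B" if addr in side_b else None
    sides = [side(a) for a in addrs]
    return sum(1 for p, q in zip(sides, sides[1:]) if p and q and p != q)

def build_rh0(addrs):
    """Serialise sample input only (Next Header 59 = No Next Header)."""
    fixed = struct.pack("!BBBBI", 59, 2 * len(addrs), 0, len(addrs), 0)
    return fixed + b"".join(a.packed for a in addrs)

# Constructed sample data (assumption): two prefixes stand for the two sides of a link.
SIDE_A = ipaddress.IPv6Network("2001:db8:a::/48")
SIDE_B = ipaddress.IPv6Network("2001:db8:b::/48")
SRC = ipaddress.IPv6Address("2001:db8:c::1")
# X1, Y1, X2, Y2, ... as in the message: every address is distinct, none is SRC.
ALTERNATING = [ipaddress.IPv6Address(f"2001:db8:{s}::{i}")
               for i in range(1, 5) for s in ("a", "b")]
# The round-trip traceroute case from the message: RH0[0]=you, RH0[1]=me.
ROUND_TRIP = [ipaddress.IPv6Address("2001:db8:b::1"), SRC]

if __name__ == "__main__":
    for name, hops in (("alternating", ALTERNATING), ("round-trip", ROUND_TRIP)):
        _, parsed = parse_rh0(build_rh0(hops))
        print(name, passes_proposed_rules(SRC, parsed),
              link_crossings(parsed, SIDE_A, SIDE_B))
```

The alternating list satisfies both rules yet changes sides at every hop, while the round-trip list is rejected by rule 1.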