Re: IPv6 Type 0 Routing Header issues

Jari Arkko <jari.arkko@piuha.net> Tue, 24 April 2007 21:46 UTC

Message-ID: <462E7AB4.3050807@piuha.net>
Date: Wed, 25 Apr 2007 00:46:28 +0300
From: Jari Arkko <jari.arkko@piuha.net>
User-Agent: Thunderbird 1.5.0.10 (X11/20070306)
MIME-Version: 1.0
To: Jeroen Massar <jeroen@unfix.org>
References: <462D4706.4000504@spaghetti.zurich.ibm.com>
In-Reply-To: <462D4706.4000504@spaghetti.zurich.ibm.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: v6ops@ops.ietf.org, ipv6@ietf.org, IPv6 Ops list <ipv6-ops@lists.cluenet.de>
Subject: Re: IPv6 Type 0 Routing Header issues

> Just in case folks are missing out on this, find below a rather nasty
> security issue.
>   

I cannot say that this is a big surprise, even if the specific attack
is news to me and it has a major impact. Some issues with Type 0
have been known for years; I think draft-savola-ipv6-rh-ha was the
first to report these. RFC 4294 warns of the issues and RFC 3775
design was based on the idea of avoiding Type 0 because it
was felt that at some point Type 0 would likely be filtered due
to its problems. Also, draft-ietf-v6ops-security-overview was recently
approved. It notes, among other things, that "it may be desirable
to forbid or limit the processing of Type 0 Routing Headers
in hosts and some routers."

So I think we should take that advice and modify the stacks that
do not do the right thing today. A good first approximation is
to add a configuration knob for processing Type 0 headers
in both hosts and routers, with default set to off. Better
firewall support for doing this would also be needed (without
disabling use of Type 2, of course).

But we at the IETF also need to draw a conclusion about the
state of Type 0. This feature needs to be retired.

Jari

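As an added illustration of the filter distinction asked for above (drop Type 0, keep Type 2 for Mobile IPv6), and not code from this thread or any of its participants: a constructed Python walk of the IPv6 extension-header chain with a policy function on top. The packet builder, the policy strings and the sample addresses are assumptions of this example.

```python
import struct
import ipaddress

# IPv6 next-header values (IANA protocol numbers)
HOP_BY_HOP, ROUTING, FRAGMENT, AUTH_HEADER, NO_NEXT, DEST_OPTS = 0, 43, 44, 51, 59, 60
EXT_HEADERS = {HOP_BY_HOP, ROUTING, FRAGMENT, AUTH_HEADER, DEST_OPTS}

def walk_routing_headers(pkt: bytes):
    """Walk the extension-header chain and yield (routing_type, segments_left)
    for every Routing Header found; stops at the first non-extension header."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nh, off = pkt[6], 40
    while nh in EXT_HEADERS and off + 8 <= len(pkt):
        if nh == FRAGMENT:
            ext_len = 8                        # Fragment header has a fixed size
        elif nh == AUTH_HEADER:
            ext_len = (pkt[off + 1] + 2) * 4   # AH length: 4-octet units, minus 2
        else:
            ext_len = (pkt[off + 1] + 1) * 8   # 8-octet units, not counting first 8
        if nh == ROUTING:
            yield pkt[off + 2], pkt[off + 3]   # Routing Type, Segments Left
        nh, off = pkt[off], off + ext_len

def rh_policy(pkt: bytes) -> str:
    """Constructed policy: drop any Type 0 Routing Header, allow Type 2,
    and allow packets that carry no Routing Header at all."""
    for rtype, _seg_left in walk_routing_headers(pkt):
        if rtype == 0:
            return "drop: RH0"
        if rtype != 2:
            return f"drop: unknown routing type {rtype}"
    return "allow"

def build_packet(routing_type, addrs, seg_left, src="2001:db8::1", dst="2001:db8::2"):
    """Constructed IPv6 packet: base header + one Routing Header, no payload (next header 59)."""
    body = b"".join(ipaddress.IPv6Address(a).packed for a in addrs)
    rh = struct.pack("!BBBBI", NO_NEXT, len(body) // 8, routing_type, seg_left, 0) + body
    hdr = struct.pack("!IHBB16s16s", 0x60000000, len(rh), ROUTING, 64,
                      ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)
    return hdr + rh
```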

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------