Re: [secdir] Routing loop attacks using IPv6 tunnels

Hesham Soliman <hesham@elevatemobile.com> Tue, 15 September 2009 05:50 UTC

Date: Tue, 15 Sep 2009 15:50:42 +1000
From: Hesham Soliman <hesham@elevatemobile.com>
To: "Templin, Fred L" <Fred.L.Templin@boeing.com>, Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: v6ops <v6ops@ops.ietf.org>, Christian Huitema <huitema@microsoft.com>, ipv6@ietf.org, secdir@ietf.org

Fred, 

>>> What I would rather have said was that mechanisms such as
>>> SEcure Neighbor Discovery (SEND) may be helpful in private
>>> addressing domains where spoofing is possible. Let me know
>>> if this makes sense.
>> 
>> Except for the practical problems involved in deploying SEND.
> 
> Can it be said that there is any appreciable operational
> experience with SEND yet? Are there implementations?

=> About 2 months ago there was a thread on the node requirements draft that
addressed the presence of SEND implementations and people who have
implementations voiced them on the list. If memory serves me right, it's
basically on Linux, BSD and IOS, but check the archives. I don't know
anything about deployment experience.

Hesham