Re: [v6ops] Mitigation against IPv6 Router Advertisements flooding - draft-moonesamy-ra-flood-limit-00
Arturo Servin <arturo.servin@gmail.com> Thu, 04 July 2013 01:19 UTC
Return-Path: <arturo.servin@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8BDE321F9104 for <v6ops@ietfa.amsl.com>; Wed, 3 Jul 2013 18:19:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, J_CHICKENPOX_13=0.6]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k52u9SQJx5ke for <v6ops@ietfa.amsl.com>; Wed, 3 Jul 2013 18:19:17 -0700 (PDT)
Received: from mail-qc0-x230.google.com (mail-qc0-x230.google.com [IPv6:2607:f8b0:400d:c01::230]) by ietfa.amsl.com (Postfix) with ESMTP id C2FE521F9057 for <v6ops@ietf.org>; Wed, 3 Jul 2013 18:19:17 -0700 (PDT)
Received: by mail-qc0-f176.google.com with SMTP id z10so492703qcx.21 for <v6ops@ietf.org>; Wed, 03 Jul 2013 18:19:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type; bh=4k+0hWvShcXcnvjW/h0WbsWQQv285w+2GKtWTgsSE7Y=; b=wjemhVTz20rbFcx0EOqE9Ts+5Dhs3PdsEddo9O3Mx1EQYz0f36Gh/p7lg/adsnNFk4 zylUp9DGX2kMKwDgBVRBL+xzsiblhBoFQOLGgYC+BdZaftmyB0laBDGAdGNyyruPqAJc iCP8JRu+ZoLTjdVz9F6JutD2mvHT/loLLLfE8rC+kwxCGB6h2t84I5Awv8614fYOJ7Ea xXgG12YWRehTp59h0kTwyD/Rvy4tLrmCqIWCVIKyy61LrPlLuALZX9hf9Py0369oq55U toqcdk1D1GYFLfqnWWI/igFgglGzUtjtR1ThZ+CxIolYdbRoNdOnGzCSQvGfHv2WF3ta ee+Q==
X-Received: by 10.229.126.197 with SMTP id d5mr958155qcs.91.1372900757251; Wed, 03 Jul 2013 18:19:17 -0700 (PDT)
Received: from Arturos-MacBook-Pro.local (r186-48-205-176.dialup.adsl.anteldata.net.uy. [186.48.205.176]) by mx.google.com with ESMTPSA id pg6sm789054qeb.5.2013.07.03.18.19.15 for <v6ops@ietf.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 03 Jul 2013 18:19:16 -0700 (PDT)
Message-ID: <51D4CD90.5070005@gmail.com>
Date: Wed, 03 Jul 2013 22:19:12 -0300
From: Arturo Servin <arturo.servin@gmail.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130620 Thunderbird/17.0.7
MIME-Version: 1.0
To: v6ops@ietf.org
References: <6.2.5.6.2.20130702145424.0af37160@elandnews.com>
In-Reply-To: <6.2.5.6.2.20130702145424.0af37160@elandnews.com>
Content-Type: multipart/alternative; boundary="------------090907070309000305010109"
Subject: Re: [v6ops] Mitigation against IPv6 Router Advertisements flooding - draft-moonesamy-ra-flood-limit-00
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Jul 2013 01:19:18 -0000
SM,
Why IPv6 Router Advertisement Guard would be not enough?
Or are these recommendations orthogonal to a network applying RA?
I think that it would be important to address those questions in the
draft.
Also, related. Is it possible for a host to perform a RS attack?
Regards,
as
On 7/2/13 7:02 PM, S Moonesamy wrote:
> Hello,
>
> An IPv6 Router Advertisements flooding attack can cause a node to
> consume all CPU resources available making the system unusable and
> unresponsive. draft-moonesamy-ra-flood-limit-00 (
> http://tools.ietf.org/html/draft-moonesamy-ra-flood-limit-00 )
> recommends some configurable variables as a mitigation against an IPv6
> Router Advertisements flooding attack.
>
> I would appreciate if you read the draft and comment.
>
> Regards,
> S. Moonesamy
>
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
- [v6ops] Mitigation against IPv6 Router Advertisem… S Moonesamy
- Re: [v6ops] Mitigation against IPv6 Router Advert… Rui Paulo
- Re: [v6ops] Mitigation against IPv6 Router Advert… S Moonesamy
- Re: [v6ops] Mitigation against IPv6 Router Advert… David Farmer
- Re: [v6ops] Mitigation against IPv6 Router Advert… S Moonesamy
- Re: [v6ops] Mitigation against IPv6 Router Advert… David Farmer
- Re: [v6ops] Mitigation against IPv6 Router Advert… Arturo Servin
- Re: [v6ops] Mitigation against IPv6 Router Advert… S Moonesamy
- Re: [v6ops] Mitigation against IPv6 Router Advert… S Moonesamy
- Re: [v6ops] Mitigation against IPv6 Router Advert… Arturo Servin
- Re: [v6ops] Mitigation against IPv6 Router Advert… S Moonesamy
- Re: [v6ops] Mitigation against IPv6 Router Advert… David Farmer
- Re: [v6ops] Mitigation against IPv6 Router Advert… Arturo Servin
- Re: [v6ops] Mitigation against IPv6 Router Advert… S Moonesamy
- Re: [v6ops] Mitigation against IPv6 Router Advert… Fernando Gont
- Re: [v6ops] Mitigation against IPv6 Router Advert… S Moonesamy
- Re: [v6ops] Mitigation against IPv6 Router Advert… Fernando Gont