draft-nakibly-v6ops-tunnel-loops-02.txt

Gabi Nakibly <gnakibly@yahoo.com> Wed, 12 May 2010 18:49 UTC

I would like to draw the attention of the list to a new version of the I-D titled "Routing Loop Attack using IPv6 Automatic Tunnels: Problem Statement and Proposed Mitigations".
To remind you, the routing loop attack may be used to DoS any automatic IPv6-in-IPv4 tunnels. This version discusses the attack as it applies to all automatic tunnels in general (the previous version focused only on ISATAP and 6to4). It also suggests some possible mitigation measures.
I would be happy to get your feedback on the attack, the suggested mitigation measures and the importance of the draft.

Abstract

   This document is concerned with security vulnerabilities in IPv6-in-
   IPv4 automatic tunnels.  These vulnerabilities allow an attacker to
   take advantage of inconsistencies between a tunnel's overlay IPv6
   routing state and the native IPv6 routing state.  The attack forms a
   routing loop which can be abused as a vehicle for traffic
   amplification to facilitate DoS attacks.  The first aim of this
   document is to inform on this attack and its root causes.  The second
   aim is to present some possible mitigation measures.

http://tools.ietf.org/html/draft-nakibly-v6ops-tunnel-loops-02

Gabi