After reviewing the adoption call comments, the chairs have decided not
to adopt draft-gont-ipv6-smurf-amplifier.
- We have not seen strong working group support for working on the draft.
- We are not convinced that the problem the draft sets out to resolve is worth
fixing
given that multicast
Fernando,
would that be other nodes than yourself and nodes on the same link
as yourself?
I guess in some scenarios it might be tricky.
For instance, even with link-local only multicast (as that used for
ND), you can send a packet to a link-local multiast address, but
sourced from any
It's a bit late for the call on adoption, but FWIW I support Fernando.
Tom Taylor
On 03/09/2013 8:44 PM, Fernando Gont wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/02/2013 07:34 AM, Ole Troan wrote:
If you read chapter 5 it starts out by explaining how RPF check
is always done
Hi
On 9/4/2013 4:28 AM, Ole Troan wrote:
Fernando,
would that be other nodes than yourself and nodes on the same link
as yourself?
I guess in some scenarios it might be tricky.
For instance, even with link-local only multicast (as that used for
ND), you can send a packet to a link-local
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/02/2013 07:34 AM, Ole Troan wrote:
If you read chapter 5 it starts out by explaining how RPF check
is always done for multicast.
Due to the RPF check, the possibility of spoofing is
significantly reduced. Just like it is when using
Fernando,
I'm not sure if this attack is all that serious since there is
always an RPF check for multicast.
As it says in the draft:
It should be noted that if the multicast RPF check is used (e.g.
to prevent routing loops), this would prevent an attacker from
forging the
Resending as the IETF list had some drops the last few days.
-Vishwas
On Wed, Aug 28, 2013 at 4:37 PM, Vishwas Manral vishwas.i...@gmail.comwrote:
Hi folks,
I have read the document. I see the issue recognized as a genuine gap.
I would love to see the document through, also look more
On 08/28/2013 02:38 PM, Stig Venaas wrote:
I'm not sure if this attack is all that serious since there is
always an RPF check for multicast.
As it says in the draft:
It should be noted that if the multicast RPF check is used (e.g.
to prevent routing loops), this would
Dear all,
I have read draft-gont-6man-ipv6-smurf-amplifier-03 and believe the security
implications discussed and the suggestions for updating the two RFCs are
essential for security considerations, and the operational mitigations proposed
in the document provide good choices for design. I
Hi
I'm not sure if this attack is all that serious since there is
always an RPF check for multicast.
As it says in the draft:
It should be noted that if the multicast RPF check is used (e.g.
to prevent routing loops), this would prevent an attacker from
forging the Source
10 matches
Mail list logo