Ah, very good! Thanks for the pointer, Sam. - Christian
-- Christian Vogt, Institute of Telematics, Universitaet Karlsruhe (TH) www.tm.uka.de/~chvogt/pubkey/ Sam Hartman wrote: >>>>>> "Christian" == Christian Vogt <[EMAIL PROTECTED]> writes: > Christian> unamplified flooding would also be possible for the > Christian> attacker without HIP because the attacker could send > Christian> flooding packets with an IPv6 Routing header, directing > Christian> the packets to the correspondent node first, and from > Christian> there to the victim. To prevent this attack, the > Christian> firewall would have to look into the flooding packets' > Christian> extension headers since the IPv6 header would > Christian> (legitimately) include the correspondent node's IP > Christian> address. > > > Take a look at the v6ops IPV6 security overvew document. It > recommends dropping most routing headers to avoid this sort of attack. > _______________________________________________ Ietf mailing list [email protected] https://www1.ietf.org/mailman/listinfo/ietf
