Hello folks,

There was a draft on "local-link" security threats:

http://www.ietf.org/internet-drafts/draft-kempf-ipng-netaccess-threats-00.txt

Some of these may apply _remotely_ to nodes which implement automatic
tunneling mechanisms (autotunnel, 6to4, ...), too.

Problem here is that if the automatic decapsulation is enabled, one can
send packets like:

===
src=<pure_evil>
dst=<6to4/autotunnel router>
protocol=41
  src6=fe80::1
  dst6=ff02::1 [or link-local unicast, or something]
  hop limit=255 [<-- NOTE!]
  [payload]
===

Note! Tunneling decrements hop limit when encapsulating, so it cannot be
trusted.

Naturally, this is possible with configured tunnels too, but as there's
usually some trust between the two parties, it's not as interesting. With
automatic tunneling and friends, there doesn't need to be.

Problem here is that it's possible to receive packets to link-local
addresses of the pseudo-interface via autotunneling which have hop limit =
255. The latter is bad because several mechanisms including stateless
address autoconfiguration partially depend on hop limit as a form of weak
authorization.

This way, one can send e.g. valid link-local NS/NA/RA/RS packets that will
arrive on 6to4/autotunnel pseudo-interface. Luckily enough, these boxes
most probably are configured as Routers not Hosts; an exception could be
e.g. this combined "6to4 host + router in the same box" scenario.

If the node doesn't act as a router, one could then inject e.g. router
advertisement messages on the pseudo-interface -- and they would be
processed -- from anywhere in the Internet.

There might be some nasties for routers too.

--
Pekka Savola                  "Tell me of difficulties surmounted,
Netcore Oy                    not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
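
One possible ingress check for a node that decapsulates protocol-41 packets, given as an added example that is not part of the original message: it ignores the inner hop limit and instead rejects any inner packet whose source or destination is link-scoped. The function names, the drop policy and the sample packets (documentation-range addresses, zero IPv4 checksum) are assumptions of this example.

```python
import ipaddress
import struct

LINK_LOCAL = ipaddress.ip_network("fe80::/10")
LINK_SCOPE_MCAST = ipaddress.ip_network("ff02::/16")
PROTO_IPV6_IN_IPV4 = 41

def build_sample(outer_src, outer_dst, src6, dst6, hop_limit, payload=b""):
    """Constructed sample: IPv4 header (no options, checksum 0) + IPv6 header."""
    inner = struct.pack("!IHBB", 6 << 28, len(payload), 58, hop_limit)
    inner += ipaddress.IPv6Address(src6).packed
    inner += ipaddress.IPv6Address(dst6).packed + payload
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner), 0, 0, 64,
                        PROTO_IPV6_IN_IPV4, 0,
                        ipaddress.IPv4Address(outer_src).packed,
                        ipaddress.IPv4Address(outer_dst).packed)
    return outer + inner

def decap_verdict(packet):
    """Return (accept, reason) for a packet reaching an automatic-tunnel endpoint."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False, "not IPv4"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != PROTO_IPV6_IN_IPV4:
        return False, "not protocol 41"
    inner = packet[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return False, "truncated or malformed inner IPv6 header"
    hop_limit = inner[7]  # chosen by the remote sender, so never used to accept
    src6 = ipaddress.IPv6Address(inner[8:24])
    dst6 = ipaddress.IPv6Address(inner[24:40])
    for name, addr in (("source", src6), ("destination", dst6)):
        if addr in LINK_LOCAL or addr in LINK_SCOPE_MCAST:
            return False, (f"inner {name} {addr} is link-scoped; "
                           f"hop limit {hop_limit} is not evidence of being on-link")
    return True, "ok"

if __name__ == "__main__":
    samples = {
        "layout from the message": build_sample(
            "198.51.100.7", "192.0.2.1", "fe80::1", "ff02::1", 255),
        "ordinary 6to4 traffic": build_sample(
            "192.0.2.66", "192.0.2.1", "2002:c000:242::1", "2002:c000:201::1", 64),
    }
    for label, pkt in samples.items():
        print(label, "->", decap_verdict(pkt))
```
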
