Hi all,
I would like to draw the attention of the list to some research results which
my colleague and I at the National EW Research & Simulation Center have
recently published. The research presents a class of routing loop attacks that
abuses 6to4, ISATAP and Teredo. The paper can be found at:
http://www.usenix.org/events/woot09/tech/full_papers/nakibly.pdf
Here is the abstract:
IPv6 is the future network layer protocol for the Internet. Since it is not
compatible with its predecessor, some interoperability mechanisms were
designed. An important category of these mechanisms is automatic tunnels, which
enable IPv6 communication over an IPv4 network without prior configuration.
This category includes ISATAP, 6to4 and Teredo. We present a novel class of
attacks that exploit vulnerabilities in these tunnels. These attacks take
advantage of inconsistencies between a tunnel's overlay IPv6 routing state and
the native IPv6 routing state. The attacks form routing loops which can be
abused as a vehicle for traffic amplification to facilitate DoS attacks. We
exhibit five attacks of this class. One of the presented attacks can DoS a
Teredo server using a single packet. The exploited vulnerabilities are embedded
in the design of the tunnels; hence any implementation of these tunnels may be
vulnerable. In particular, the attacks were tested
against the ISATAP, 6to4 and Teredo implementations of Windows Vista and
Windows Server 2008 R2.
I think the results of the research warrant some corrective action. If
this indeed shall be the general sentiment of the list, I will be happy write
an appropriate I-D. The mitigation measures we suggested in the paper are the
best we could think of to completely eliminate the problem. However they are
far from perfect since they would require tunnel implementations to be updated
in case new types of automatic tunnels are introduced.
Your comments are welcome.
Gabi
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
