Fernando, et al,

> We have published a revision of our I-D entitled "Security Implications
> of IPv6 options of Type 10xxxxxx", about IPv6 smurf amplifiers.
>
> The I-D is available at:
> <http://www.ietf.org/internet-drafts/draft-gont-6man-ipv6-smurf-amplifier-01.txt>.
>
> Any comments will be very appreciated.

isn't this attack covered already in RFC4443, section 5.2 bullet 5?

cheers,
Ole

> -------- Original Message --------
> From: - Fri Jan 11 13:40:47 2013
> From: [email protected]
> To: [email protected]
> Cc: [email protected]
> Subject: New Version Notification for
> draft-gont-6man-ipv6-smurf-amplifier-01.txt
> Message-ID: <[email protected]>
> Date: Fri, 11 Jan 2013 08:40:12 -0800
>
>
> A new version of I-D, draft-gont-6man-ipv6-smurf-amplifier-01.txt
> has been successfully submitted by Fernando Gont and posted to the
> IETF repository.
>
> Filename: draft-gont-6man-ipv6-smurf-amplifier
> Revision: 01
> Title: Security Implications of IPv6 options of Type 10xxxxxx
> Creation date: 2013-01-11
> WG ID: Individual Submission
> Number of pages: 9
> URL:
> http://www.ietf.org/internet-drafts/draft-gont-6man-ipv6-smurf-amplifier-01.txt
> Status:
> http://datatracker.ietf.org/doc/draft-gont-6man-ipv6-smurf-amplifier
> Htmlized:
> http://tools.ietf.org/html/draft-gont-6man-ipv6-smurf-amplifier-01
> Diff:
> http://www.ietf.org/rfcdiff?url2=draft-gont-6man-ipv6-smurf-amplifier-01
>
> Abstract:
> When an IPv6 node processing an IPv6 packet does not support an IPv6
> option whose two-highest-order bits of the Option Type are '10', it
> is required to respond with an ICMPv6 Parameter Problem error
> message, even if the Destination Address of the packet was a
> multicast address. This feature provides an amplification vector,
> opening the door to an IPv6 version of the 'Smurf' Denial-of-Service
> (DoS) attack found in IPv4 networks. This document discusses the
> security implications of the aforementioned options, and formally
> updates RFC 2460 such that this attack vector is eliminated.
> Additionally, it describes a number of operational mitigations that
> could be deployed against this attack vector.
>
> The IETF Secretariat
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> [email protected]
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
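
The condition described in the quoted abstract, written as a filter-side check. This is an added example, not part of the thread or of the I-D. It walks the Hop-by-Hop and Destination Options headers of a packet addressed to a multicast group and reports options of Type 10xxxxxx that the receiver would not recognise. `KNOWN_OPTIONS`, the function names, the sample addresses and the option value 0x80 are assumptions constructed for the illustration.

```python
import ipaddress
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS = 0, 43, 44, 60
# Assumption: option types the hypothetical node implements (Pad1, PadN, Router Alert).
KNOWN_OPTIONS = {0x00, 0x01, 0x05}

def amplifying_options(packet, known=KNOWN_OPTIONS):
    """Unsupported '10xxxxxx' option types in a packet sent to a multicast address."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    if packet[24] != 0xFF:            # destination is not multicast (ff00::/8)
        return []
    flagged, nxt, off = [], packet[6], 40
    while nxt in (HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS):
        if off + 8 > len(packet):
            break                      # truncated extension header
        hdr_len = 8 if nxt == FRAGMENT else (packet[off + 1] + 1) * 8
        end = min(off + hdr_len, len(packet))
        i = off + 2 if nxt in (HOP_BY_HOP, DEST_OPTS) else end
        while i < end:
            opt = packet[i]
            if opt == 0x00:            # Pad1 is a single byte with no length field
                i += 1
                continue
            if i + 1 >= end:
                break                  # option header runs past the extension header
            if opt >> 6 == 0b10 and opt not in known:
                flagged.append(opt)
            i += 2 + packet[i + 1]
        nxt, off = packet[off], off + hdr_len
    return flagged

def sample_packet(dst, opt_type):
    """Constructed sample: Destination Options header carrying one 4-byte option."""
    ext = bytes([59, 0, opt_type, 4, 0, 0, 0, 0])   # next header 59 = No Next Header
    fixed = struct.pack("!IHBB", 6 << 28, len(ext), DEST_OPTS, 64)
    src = ipaddress.IPv6Address("2001:db8::1").packed
    return fixed + src + ipaddress.IPv6Address(dst).packed + ext

if __name__ == "__main__":
    for dst, opt in [("ff02::1", 0x80), ("2001:db8::2", 0x80), ("ff02::1", 0xC0)]:
        print(dst, hex(opt), amplifying_options(sample_packet(dst, opt)))
```

Only the first case is reported: the second has a unicast destination, and the third uses the '11' action bits, for which RFC 2460 suppresses the ICMPv6 error when the destination is multicast.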
