Hi, Ole,
On 01/14/2013 04:13 PM, Fernando Gont wrote:
>
> On 01/14/2013 05:10 AM, Ole Troan wrote:
>>> We have published a revision of our I-D entitled "Security Implications
>>> of IPv6 options of Type 10xxxxxx", about IPv6 smurf amplifiers.
>>>
>>> The I-D is available at:
>>> <http://www.ietf.org/internet-drafts/draft-gont-6man-ipv6-smurf-amplifier-01.txt>.
>>>
>>> Any comments will be very appreciated.
>>
>> isn't this attack covered already inRFC4443, section 5.2 bullet 5?
BTW, bullet "e)" in Section 2.4 (page 6) of RFC 4443 says:
(e.3) A packet destined to an IPv6 multicast address. (There are
two exceptions to this rule: (1) the Packet Too Big Message
(Section 3.2) to allow Path MTU discovery to work for IPv6
multicast, and (2) the Parameter Problem Message, Code 2
(Section 3.4) reporting an unrecognized IPv6 option (see
Section 4.2 of [IPv6]) that has the Option Type highest-
order two bits set to 10).
Cheers,
--
Fernando Gont
SI6 Networks
e-mail: [email protected]
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
