Hi,
> >> > 7. It is still hard for me to get to looping issues described in
> >> > section 12, it would help if an example was there.
> >>
> >> yes, me too. ;-)
> >> check out:
> >> http://www.townsley.net/ietf76/townsley-ietf76-softwires-6rd-update.pdf
> >>
> >> and Nakibly and Arov's
> >> [USENIX09] Nakibly, G. and M. Arov, "Routing Loop Attacks using IPv6
> >> Tunnels, USENIX WOOT", August 2009.
> >>
> >>
> >> I'll add an informative reference to this paper.
> >>
> > Thanks for the information. Unfortunately, the most important pdf pages
> > are blank because of "token type not recognized" and the reference
> >
> Sorry about that. I just tried again and had no problem with PDF, if
> anyone else has this problem I'd be interested to know how to resolve
> it.
>
> In any case, I've uploaded a couple of other formats (the second is a
> directory of .jpg files of each slide). Hope that helps
>
> http://www.townsley.net/ietf76/townsley-ietf76-softwires-6rd-update.ppsx
>
> http://www.townsley.net/ietf76/townsley-ietf76-softwires-6rd-update/
>
> > you are referring to seems unavailable to me (via google).
> >
> This came up as the top hit for me with Google:
>
> http://www.usenix.org/event/woot09/tech/full_papers/nakibly.pdf

Thanks. Now I think I get this issue clearly. But after re-reading the relevant
text, I found a tiny confusion.
para3, sec12 says:

   A malicious user that is aware of a 6rd domain and the BR IPv4
   address could use this information to construct a packet that would
   cause a Border Relay Router to reflect tunneled packets outside of
   the domain that it is serving. If the attacker constructs the packet
   accordingly, and can inject a packet with an IPv6 source address that
   looks as if it originates from within the 6rd domain of the second
                                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   border relay, forwarding loops between 6rd domains may be created,
   ^^^^^^^
   allowing the malicious user to launch a packet amplification attack
   between 6rd domains.

"the second border relay" here is confusing; I first got the impression that
"it originates from the second BR within the same 6rd domain".
So I suggest the text below:

   A malicious user that is aware of a 6rd domain and the BR IPv4
   address could use this information to construct a packet that would
   cause a Border Relay Router to reflect tunneled packets outside of
   the domain that it is serving. If the attacker constructs the packet
   accordingly, and can inject a packet with an IPv6 source address that
   looks as if it originates from within another 6rd domain,
              ----------------------------------------------
   forwarding loops between 6rd domains may be created,
   allowing the malicious user to launch a packet amplification attack
   between 6rd domains.

washam
_______________________________________________
Softwires mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/softwires