I agree that your suggested text is more clear. Thanks again for the
continued careful review.
- Mark
On 1/12/10 7:57 AM, WashamFan wrote:
Hi,
>> > 7. It is still hard for me to get to looping issues described in
>> > section 12, it would help if an example was there.
>>
>> yes, me too. ;-)
>> check out:
>> http://www.townsley.net/ietf76/townsley-ietf76-softwires-6rd-update.pdf
>>
>> and Nakibly and Arov's
>> [USENIX09]  Nakibly, G. and M. Arov, "Routing Loop Attacks using IPv6
>>             Tunnels, USENIX WOOT", August 2009.
>>
>>
>> I'll add an informative reference to this paper.
>>
> Thanks for the information. Unfortunately, the most important pdf pages
> are blank because of "token type not recognized" and the reference
>
Sorry about that. I just tried again and had no problem with the PDF; if
anyone else has this problem I'd be interested to know how to resolve
it.
In any case, I've uploaded a couple of other formats (the second is a
directory of .jpg files of each slide). Hope that helps.
http://www.townsley.net/ietf76/townsley-ietf76-softwires-6rd-update.ppsx
http://www.townsley.net/ietf76/townsley-ietf76-softwires-6rd-update/
> you are referring to seems unavailable to me (via google).
>
This came up as the top hit for me with Google:
http://www.usenix.org/event/woot09/tech/full_papers/nakibly.pdf
Thanks. Now I think I get this issue clearly. But after re-reading the relevant
text, I found a tiny confusion.
para3, sec12 says:
A malicious user that is aware of a 6rd domain and the BR IPv4
address could use this information to construct a packet that would
cause a Border Relay Router to reflect tunneled packets outside of
the domain that it is serving. If the attacker constructs the packet
accordingly, and can inject a packet with an IPv6 source address that
looks as if it originates from within the 6rd domain of the second
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
border relay, forwarding loops between 6rd domains may be created,
^^^^^^^
allowing the malicious user to launch a packet amplification attack
between 6rd domains.
"the second border relay" here is confusing; I first got the impression that
"it originates from the second BR within the same 6rd domain".
So I suggest the text below:
A malicious user that is aware of a 6rd domain and the BR IPv4
address could use this information to construct a packet that would
cause a Border Relay Router to reflect tunneled packets outside of
the domain that it is serving. If the attacker constructs the packet
accordingly, and can inject a packet with an IPv6 source address that
looks as if it originates from within another 6rd domain,
----------------------------------------------
forwarding loops between 6rd domains may be created,
allowing the malicious user to launch a packet amplification attack
between 6rd domains.
washam
_______________________________________________
Softwires mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/softwires