Security Considerations for 6to4
RFC 3964

Document type: RFC - Informational (December 2004; Errata)
Document stream: IETF
Last updated: 2013-03-02

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 3964 (Informational)
Responsible AD: David Kessens
Send notices to: pekkas@netcore.fi, jonne.Soininen@nokia.com

Network Working Group                                          P. Savola
Request for Comments: 3964                                     CSC/FUNET
Category: Informational                                         C. Patel
                                                       All Play, No Work
                                                           December 2004

                    Security Considerations for 6to4

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).

Abstract

   The IPv6 interim mechanism 6to4 (RFC3056) uses automatic
   IPv6-over-IPv4 tunneling to interconnect IPv6 networks.  The
   architecture includes 6to4 routers and 6to4 relay routers, which
   accept and decapsulate IPv4 protocol-41 ("IPv6-in-IPv4") traffic from
   any node in the IPv4 internet.  This characteristic enables a number
   of security threats, mainly Denial of Service.  It also makes it
   easier for nodes to spoof IPv6 addresses.  This document discusses
   these issues in more detail and suggests enhancements to alleviate
   the problems.
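
   The spoofing exposure described above can be narrowed at the
   decapsulating node by comparing the outer IPv4 source with the IPv4
   address embedded in a 2002::/16 inner source.  The following is an
   added example, not text or code from this memo; the function names,
   the deny-list, and the sample packets are assumptions constructed
   for illustration.

```python
import ipaddress
import struct

SIX_TO_FOUR = ipaddress.ip_network("2002::/16")   # 6to4 prefix (RFC 3056)
# Assumed deny-list of IPv4 ranges that must never appear inside a 6to4 address.
BAD_V4 = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

def embedded_v4(addr6):
    """Return the IPv4 address in bits 16..47 of a 6to4 address, else None."""
    if addr6 not in SIX_TO_FOUR:
        return None
    return ipaddress.IPv4Address((int(addr6) >> 80) & 0xFFFFFFFF)

def check_decap(packet):
    """Decide whether a received IPv4 packet may be decapsulated: (ok, reason)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False, "not IPv4"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 41:
        return False, "not protocol 41"
    inner = packet[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return False, "truncated or non-IPv6 payload"
    outer_src = ipaddress.IPv4Address(packet[12:16])
    inner_src = ipaddress.IPv6Address(inner[8:24])
    v4 = embedded_v4(inner_src)
    if v4 is None:
        # Native inner source: nothing ties it to the outer IPv4 source,
        # so this check alone cannot detect a forged address here.
        return True, "ok (native source, unverifiable)"
    if any(v4 in net for net in BAD_V4):
        return False, "6to4 source embeds a non-routable IPv4 address"
    if v4 != outer_src:
        return False, "6to4 source does not match outer IPv4 source"
    return True, "ok"

def build(o_src, o_dst, i_src, i_dst):
    """Constructed sample: IPv4 header (checksum left 0) plus a bare IPv6 header."""
    a4, a6 = ipaddress.IPv4Address, ipaddress.IPv6Address
    v4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 60, 0, 0, 64, 41, 0,
                     a4(o_src).packed, a4(o_dst).packed)
    v6 = struct.pack("!IHBB16s16s", 0x60000000, 0, 59, 64,
                     a6(i_src).packed, a6(i_dst).packed)
    return v4 + v6
```

   A native (non-2002::/16) inner source passes this comparison
   unverified, which is why the check narrows the spoofing problem
   rather than removing it.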

Savola & Patel               Informational                      [Page 1]
RFC 3964            Security Considerations for 6to4       December 2004

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Different 6to4 Forwarding Scenarios  . . . . . . . . . . . . .  4
       2.1.  From 6to4 to 6to4  . . . . . . . . . . . . . . . . . . .  4
       2.2.  From Native to 6to4  . . . . . . . . . . . . . . . . . .  5
       2.3.  From 6to4 to Native  . . . . . . . . . . . . . . . . . .  5
       2.4.  Other Models . . . . . . . . . . . . . . . . . . . . . .  6
             2.4.1.  BGP between 6to4 Routers and Relays  . . . . . .  6
             2.4.2.  6to4 as an Optimization Method . . . . . . . . .  7
             2.4.3.  6to4 as Tunnel End-Point Addressing Mechanism . . 8
   3.  Functionalities of 6to4 Network Components . . . . . . . . . .  9
       3.1.  6to4 Routers . . . . . . . . . . . . . . . . . . . . . .  9
       3.2.  6to4 Relay Routers . . . . . . . . . . . . . . . . . . . 10
   4.  Threat Analysis  . . . . . . . . . . . . . . . . . . . . . . . 11
       4.1.  Attacks on 6to4 Networks . . . . . . . . . . . . . . . . 12
             4.1.1.  Attacks with ND Messages . . . . . . . . . . . . 13
             4.1.2.  Spoofing Traffic to 6to4 Nodes . . . . . . . . . 14
             4.1.3.  Reflecting Traffic to 6to4 Nodes . . . . . . . . 17
             4.1.4.  Local IPv4 Broadcast Attack  . . . . . . . . . . 19
       4.2.  Attacks on Native IPv6 Internet  . . . . . . . . . . . . 20
             4.2.1.  Attacks with ND Messages . . . . . . . . . . . . 21
             4.2.2.  Spoofing Traffic to Native IPv6 Nodes. . . . . . 21
             4.2.3.  Reflecting Traffic to Native IPv6 Nodes  . . . . 23
             4.2.4.  Local IPv4 Broadcast Attack  . . . . . . . . . . 24
             4.2.5.  Theft of Service . . . . . . . . . . . . . . . . 25
             4.2.6.  Relay Operators Seen as Source of Abuse  . . . . 26
       4.3.  Attacks on IPv4 Internet . . . . . . . . . . . . . . . . 28
       4.4.  Summary of the Attacks . . . . . . . . . . . . . . . . . 28
   5.  Implementing Proper Security Checks in 6to4  . . . . . . . . . 30
       5.1.  Encapsulating IPv6 into IPv4 . . . . . . . . . . . . . . 31
       5.2.  Decapsulating IPv4 into IPv6 . . . . . . . . . . . . . . 31
       5.3.  IPv4 and IPv6 Sanity Checks  . . . . . . . . . . . . . . 32
             5.3.1.  IPv4 . . . . . . . . . . . . . . . . . . . . . . 32
             5.3.2.  IPv6 . . . . . . . . . . . . . . . . . . . . . . 33
             5.3.3.  Optional Ingress Filtering . . . . . . . . . . . 33
             5.3.4.  Notes about the Checks . . . . . . . . . . . . . 33
   6.  Issues in 6to4 Implementation and Use  . . . . . . . . . . . . 34
       6.1.  Implementation Considerations with Automatic Tunnels . . 34
       6.2.  A Different Model for 6to4 Deployment  . . . . . . . . . 35
   7.  Security Considerations  . . . . . . . . . . . . . . . . . . . 36
   8.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 36
   9.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 37
   A.  Some Trivial Attack Scenarios Outlined . . . . . . . . . . . . 39
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 40
   Full Copyright Statement . . . . . . . . . . . . . . . . . . . . . 41


1.  Introduction

[include full document text]