Technical Summary
This document proposes a simple extension to the treatment of a datagram
received by a router destined to a receiver that does not exist. Current
specifications have the router queuing the datagram while obtaining the
needed MAC address from Neighbor Discovery, and upon failure of that
discarding the datagram and responding ICMP Unreachable. Under
administrative control, the datagram could instead be forwarded, or
summarized and the summary forwarded, to an appropriate collector for
offline analysis. This could be used, as similar darknet traffic is used,
to detect and learn about attacks in the network. In essence, any address
in a network that is not currently instantiated can be used as as "dark"
or "grey" network address without additional impact on the network.
Working Group Summary
The operators in the working group indicated that the capability would be
interesting and useful.
Document Quality
The document suggests existing protocols that could be used to transport
the information, but does not specify a protocol. A prototype
implementation was created for testing purposes but has not at this point
been committed back to the open source community.
Personnel
Tim Chown is shepherd.