Verification of Care-of Addresses in Multiple Bindings Registration

Document Type Expired Internet-Draft (individual)
Authors Benjamin Lim  , Chan-Wah Ng  , Keigo Aso  , Suresh Krishnan 
Last updated 2008-07-10
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


Using multiple care-of address registration, there is a possibility that a malicious mobile node could create multiple care-of address bindings that does not belong to the mobile node at its home agent. The home agent would accept these bindings without verifying them due to the trust relationship it has with the mobile node. With these bindings, the mobile node can launch attacks by asking the home agent to flood the victims of these care-of addresses with useless packets. To mitigate such a problem, this memo introduces a few possible verification mechanisms that the home agent would use in order to verify the care-of addresses for the mobile node before using them for packet routing.


Benjamin Lim (
Chan-Wah Ng (
Keigo Aso (
Suresh Krishnan (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)