Routing Loop Attack using IPv6 Automatic Tunnels: Problem Statement and Proposed Mitigations
draft-nakibly-v6ops-tunnel-loops-03
Document | Type |
Replaced Internet-Draft
(individual)
Expired & archived
|
|
---|---|---|---|
Authors | Gabi Nakibly , Fred Templin | ||
Last updated | 2010-09-14 (Latest revision 2010-08-18) | ||
Replaced by | draft-ietf-v6ops-tunnel-loops | ||
RFC stream | (None) | ||
Intended RFC status | (None) | ||
Formats | |||
Stream | Stream state | (No stream defined) | |
Consensus boilerplate | Unknown | ||
RFC Editor Note | (None) | ||
IESG | IESG state | Replaced by draft-ietf-v6ops-tunnel-loops | |
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
This document is concerned with security vulnerabilities in IPv6-in- IPv4 automatic tunnels. These vulnerabilities allow an attacker to take advantage of inconsistencies between a tunnel's overlay IPv6 routing state and the native IPv6 routing state. The attack forms a routing loop which can be abused as a vehicle for traffic amplification to facilitate DoS attacks. The first aim of this document is to inform on this attack and its root causes. The second aim is to present some possible mitigation measures.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)