Routing Loop Attack using IPv6 Automatic Tunnels: Problem Statement and Proposed Mitigations
draft-nakibly-v6ops-tunnel-loops-03

Document Type Replaced Internet-Draft (individual)
Last updated 2010-09-14 (latest revision 2010-08-18)
Replaced by draft-ietf-v6ops-tunnel-loops
Stream (None)
Intended RFC status (None)
Formats
Expired & archived
plain text pdf html
Stream Stream state (No stream defined)
Document shepherd No shepherd assigned
IESG IESG state Replaced by draft-ietf-v6ops-tunnel-loops
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-nakibly-v6ops-tunnel-loops-03.txt

Abstract

This document is concerned with security vulnerabilities in IPv6-in- IPv4 automatic tunnels. These vulnerabilities allow an attacker to take advantage of inconsistencies between a tunnel's overlay IPv6 routing state and the native IPv6 routing state. The attack forms a routing loop which can be abused as a vehicle for traffic amplification to facilitate DoS attacks. The first aim of this document is to inform on this attack and its root causes. The second aim is to present some possible mitigation measures.

Authors

Gabi Nakibly (gnakibly@yahoo.com)
Fred Templin (fltemplin@acm.org)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)