Skip to main content

Routing Loop Attack using IPv6 Automatic Tunnels: Problem Statement and Proposed Mitigations
draft-nakibly-v6ops-tunnel-loops-03

Document Type Replaced Internet-Draft (individual)
Authors Gabi Nakibly , Fred Templin
Last updated 2010-09-14 (Latest revision 2010-08-18)
Replaced by RFC 6324
Stream (None)
Intended RFC status (None)
Formats
Expired & archived
plain text html xml htmlized pdfized bibtex
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-ietf-v6ops-tunnel-loops
Telechat date (None)
Responsible AD (None)
Send notices to (None)
This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at:
https://www.ietf.org/archive/id/draft-nakibly-v6ops-tunnel-loops-03.txt

Abstract

This document is concerned with security vulnerabilities in IPv6-in- IPv4 automatic tunnels. These vulnerabilities allow an attacker to take advantage of inconsistencies between a tunnel's overlay IPv6 routing state and the native IPv6 routing state. The attack forms a routing loop which can be abused as a vehicle for traffic amplification to facilitate DoS attacks. The first aim of this document is to inform on this attack and its root causes. The second aim is to present some possible mitigation measures.

Authors

Gabi Nakibly
Fred Templin

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)