[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: I-D ACTION:draft-savola-v6ops-6to4-security-00.txt

To: v6ops@ops.ietf.org
Subject: Re: I-D ACTION:draft-savola-v6ops-6to4-security-00.txt
From: Pekka Savola <pekkas@netcore.fi>
Date: Wed, 23 Oct 2002 16:31:40 +0300 (EEST)
Delivery-date: Wed, 23 Oct 2002 06:32:55 -0700
Envelope-to: v6ops-data@psg.com

Hello,

As noted, here's a revision of my old draft.

I've mainly added some textual enhancements and an initial take on 
"spoofing relay" issues; security considerations should also take 
remainder threats into account a bit better.

Have fun..

On Wed, 23 Oct 2002 Internet-Drafts@ietf.org wrote:
> 	Title		: Security Considerations for 6to4
> 	Author(s)	: P. Savola
> 	Filename	: draft-savola-v6ops-6to4-security-00.txt
> 	Pages		: 20
> 	Date		: 2002-10-22
> 	
> The IPv6 interim mechanism 6to4 [6TO4] uses automatic IPv6-over-IPv4
> tunneling to interconnect IPv6 networks.  The architecture includes
> Relay Routers and Routers, which accept and decapsulate IPv4 traffic
> from anywhere.  There aren't many constraints on the embedded IPv6
> packets, or where IPv4 traffic will be automatically tunneled to.
> These could enable one to go around access controls, and more likely,
> being able to perform proxy Denial of Service attacks using Relays as
> reflectors.  Anyone is also capable of spoofing traffic from non-6to4
> addresses, as if it was coming from a relay, to a 6to4 router.  This
> document discusses these issues in more detail and tries to suggest
> enhancements to alleviate the problems.
> 
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-savola-v6ops-6to4-security-00.txt
> 
> To remove yourself from the IETF Announcement list, send a message to 
> ietf-announce-request with the word unsubscribe in the body of the message.
> 
> Internet-Drafts are also available by anonymous FTP. Login with the username
> "anonymous" and a password of your e-mail address. After logging in,
> type "cd internet-drafts" and then
> 	"get draft-savola-v6ops-6to4-security-00.txt".
> 
> A list of Internet-Drafts directories can be found in
> http://www.ietf.org/shadow.html 
> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
> 
> 
> Internet-Drafts can also be obtained by e-mail.
> 
> Send a message to:
> 	mailserv@ietf.org.
> In the body type:
> 	"FILE /internet-drafts/draft-savola-v6ops-6to4-security-00.txt".
> 	
> NOTE:	The mail server at ietf.org can return the document in
> 	MIME-encoded form by using the "mpack" utility.  To use this
> 	feature, insert the command "ENCODING mime" before the "FILE"
> 	command.  To decode the response(s), you will need "munpack" or
> 	a MIME-compliant mail reader.  Different MIME-compliant mail readers
> 	exhibit different behavior, especially when dealing with
> 	"multipart" MIME messages (i.e. documents which have been split
> 	up into multiple messages), so check your local documentation on
> 	how to manipulate these messages.
> 		
> 		
> Below is the data which will enable a MIME compliant mail reader
> implementation to automatically retrieve the ASCII version of the
> Internet-Draft.
> 

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords

Prev by Date: I-D ACTION:draft-savola-v6ops-6to4-security-00.txt
Next by Date: I-D ACTION:draft-savola-v6ops-6bone-mess-00.txt
Previous by thread: I-D ACTION:draft-savola-v6ops-6to4-security-00.txt
Next by thread: I-D ACTION:draft-savola-v6ops-6bone-mess-00.txt
Index(es):
- Date
- Thread