Re: I-D ACTION:draft-savola-v6ops-6to4-security-00.txt
- To: v6ops@ops.ietf.org
- Subject: Re: I-D ACTION:draft-savola-v6ops-6to4-security-00.txt
- From: Pekka Savola <pekkas@netcore.fi>
- Date: Wed, 23 Oct 2002 16:31:40 +0300 (EEST)
- Delivery-date: Wed, 23 Oct 2002 06:32:55 -0700
- Envelope-to: v6ops-data@psg.com
Hello,
As noted, here's a revision of my old draft.
I've mainly added some textual enhancements and an initial take on
"spoofing relay" issues; security considerations should also take
remaining threats into account a bit better.
Have fun..
On Wed, 23 Oct 2002 Internet-Drafts@ietf.org wrote:
> Title : Security Considerations for 6to4
> Author(s) : P. Savola
> Filename : draft-savola-v6ops-6to4-security-00.txt
> Pages : 20
> Date : 2002-10-22
>
> The IPv6 interim mechanism 6to4 [6TO4] uses automatic IPv6-over-IPv4
> tunneling to interconnect IPv6 networks. The architecture includes
> Relay Routers and Routers, which accept and decapsulate IPv4 traffic
> from anywhere. There aren't many constraints on the embedded IPv6
> packets, or where IPv4 traffic will be automatically tunneled to.
> These could enable one to go around access controls, and more likely,
> being able to perform proxy Denial of Service attacks using Relays as
> reflectors. Anyone is also capable of spoofing traffic from non-6to4
> addresses, as if it was coming from a relay, to a 6to4 router. This
> document discusses these issues in more detail and tries to suggest
> enhancements to alleviate the problems.
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-savola-v6ops-6to4-security-00.txt
>
--
Pekka Savola "Tell me of difficulties surmounted,
Netcore Oy not those you stumble over and fall"
Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
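
Added example, not part of the original message or of the draft: a sketch of the sanity checks a 6to4 router can apply when decapsulating a protocol-41 packet, based on the 2002:V4ADDR::/48 address format. It also shows why traffic claiming to come through a relay (a non-6to4 IPv6 source) cannot be tied to the outer IPv4 source. The function names, the `BAD_V4` list and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")
# IPv4 ranges that make no sense inside a 6to4 address (explicit list, assumption).
BAD_V4 = [ipaddress.IPv4Network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def embedded_v4(addr6):
    """IPv4 address in bits 16..47 of a 2002::/16 address, or None."""
    a = ipaddress.IPv6Address(addr6)
    if a not in SIX_TO_FOUR:
        return None
    return ipaddress.IPv4Address((int(a) >> 80) & 0xFFFFFFFF)


def check_decap(outer_src, inner_src, inner_dst, router_v4):
    """Verdict for one protocol-41 packet arriving at a 6to4 router."""
    outer = ipaddress.IPv4Address(outer_src)
    src4, dst4 = embedded_v4(inner_src), embedded_v4(inner_dst)
    if dst4 != ipaddress.IPv4Address(router_v4):
        return "drop: destination outside this router's 6to4 prefix"
    for v4 in (outer, src4):
        if v4 is not None and any(v4 in n for n in BAD_V4):
            return "drop: unusable IPv4 address"
    if src4 is None:
        # Native IPv6 source: the packet claims to come through a relay, and
        # nothing ties the outer IPv4 source to it, so it cannot be verified.
        return "accept-unverified: relay traffic"
    if src4 != outer:
        return "drop: 6to4 source does not match outer IPv4 source"
    return "accept"


if __name__ == "__main__":
    ROUTER = "198.51.100.7"            # constructed: this router's IPv4 address
    DST = "2002:c633:6407::1"          # 6to4 address inside ROUTER's prefix
    SAMPLES = [                        # constructed (outer src, inner src)
        ("192.0.2.1", "2002:c000:201::1"),    # consistent 6to4 source
        ("203.0.113.9", "2002:c000:201::1"),  # outer/inner mismatch
        ("192.0.2.1", "2002:a00:1::1"),       # embeds 10.0.0.1
        ("203.0.113.9", "2001:db8::1"),       # claims to be relayed
    ]
    for outer, inner in SAMPLES:
        print(outer, inner, "->", check_decap(outer, inner, DST, ROUTER))
```
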