[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 6to4 security questions

To: Pekka Savola <pekkas@netcore.fi>
Subject: Re: 6to4 security questions
From: Jason Goldschmidt <jgoldsch@eng.sun.com>
Date: Wed, 20 Nov 2002 09:55:35 -0800
Cc: v6ops@ops.ietf.org
Delivery-date: Wed, 20 Nov 2002 09:56:52 -0800
Envelope-to: v6ops-data@psg.com
In-reply-to: <Pine.LNX.4.44.0211201923500.12074-100000@netcore.fi>
References: <Pine.LNX.4.44.0211201923500.12074-100000@netcore.fi>
Sender: owner-v6ops@ops.ietf.org
User-agent: Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.2b) Gecko/20021016

Pekka Savola wrote:
Hi Pekka,

Thank you for the presentation today, it was too bad we didn't have more time to discuss it.

The most important part (how to go forward) got cut-off at the meeting, so I'm hoping to be able to hear some thoughts on the 6to4 security issues.

* The most important thing:
==> document the existing problems and declare done or try to invent
bigger fixes for the problems?

Documenting the problems is the first step (which your draft mostly does) and I believe these should remain in their own draft. The larger, relay router related, problems I do not believe can or should be solved by this draft. This draft should present the security concerns, the possible attacks and any known ways to protect a 6to4 site. I also believe there needs text that speaks to the usefulness of a 6to4 relay router. It should be made clear that a site should just block all traffic to/from relay routers if that site does not have a compelling reason to connect to the (Native) IPv6 Internet. 6to4 works great for connecting isolated clouds, but we can all see how connecting to the IPv6 Internet using 6to4 relay routers is flawed and dangerous.

* Draft has two parts
- relay spoofing troubles
- 6to4 usage analysis, guidelines for sec considerations implementation etc.

==> keep these separate or not? (the second are IMO ready)

Keep it in one draft. Any "solutions" for the relay router problems should be brought up in another draft.

* Is the relay problem (spoofing from 2001::/16) something we need to worry about?
- after all, you probably can spoof the source addresses without 6to4 too..
==> if yes, how much effort should we put into it?

This is a very serious problem which can make 6to4 hosts into pawns for a DDoS attack. It needs mentioning, but we might just have to accept that it is very difficult to prevent for the average case. Certainly 6to4 relay routers as an entity are not evil, only the potential abuse. With proper considerations and limited usage, relay routers can be used safely. A few people during the meeting mentioned using IPSec or some sort of three way handshake. These approaches will not work for the average case, but can work for specific deployments of 6to4.
thanks,

-Jason

* Should we analyze the DoS attacks (abusing relays) whether anything can be done against those in more detail?
- already in the draft, maybe more

Follow-Ups:
- Re: 6to4 security questions
  - From: Brian E Carpenter <brian@hursley.ibm.com>
- Re: 6to4 security questions
  - From: Pekka Savola <pekkas@netcore.fi>
- Re: 6to4 security questions
  - From: Erik Nordmark <Erik.Nordmark@sun.com>

References:
- 6to4 security questions
  - From: Pekka Savola <pekkas@netcore.fi>

Prev by Date: 6to4 security questions
Next by Date: Re: transition mechanism (tunnel MTU) comment
Previous by thread: 6to4 security questions
Next by thread: Re: 6to4 security questions
Index(es):
- Date
- Thread