Re: I-D ACTION:draft-savola-v6ops-6to4-security-01.txt




Pekka Savola wrote:

On Wed, 11 Dec 2002, Alain Durand wrote:

There are some aspects you somehow overlooked in your draft.

1. This attack by spoofing relay can be distributed to
a huge number of reflectors (just have to find their address
in the DNS). This changes quite a lot of things, and
makes tracing the attack and stopping it very difficult.
For example, it is not clear how statistical analysis
done on packet sampling will work.

I meant to write about these a bit, but seemingly forgot. (I don't see this as a huge issue, as it seems to me that to succeed, this would require at least hundreds of relay routers.)

Maybe I was not very clear, I meant a single zombie
pretending to be a relay and sending a single packet
to a very large number of 6to4 hosts with IPv6 src
set to the victim machine.

   - Alain.