IPv6 firewalling draft updated (bonus: IPv6-specific DoS attack)
- To: v6ops@ops.ietf.org
- Subject: IPv6 firewalling draft updated (bonus: IPv6-specific DoS attack)
- From: Pekka Savola <pekkas@netcore.fi>
- Date: Tue, 4 Mar 2003 17:06:08 +0200 (EET)
Hi,

I've updated my "IPv6 Firewalling Considerations" draft, and it will be
available in the repositories before the meeting. In the meantime, it
can be found at:

http://www.netcore.fi/pekkas/ietf/draft-savola-v6ops-firewalling-01.txt

As a sugar on top to encourage you folks to read it, I've added (in an
appendix) an IPv6-specific DoS reflection attack (with amplification)
involving multicast. I hope that's enough to make folks read & comment
;-)

Abstract:
There are quite a few potential problems regarding firewalling or
packet filtering in IPv6 environment. These include slight ambiguity
in the IPv6 specification, problems parsing packets beyond unknown
Extension Headers and Destination Options, and introduction of end-
to-end encrypted traffic and peer-to-peer applications. There may
also be need to extend packet matching to include some Extension
Header or Destination Option fields. This draft discusses these
issues to raise awareness and proposes some tentative solutions or
workarounds.
--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings