[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Routing loop attacks using IPv6 tunnels

To: "Templin, Fred L" <Fred.L.Templin@boeing.com>, v6ops <v6ops@ops.ietf.org>
Subject: Re: Routing loop attacks using IPv6 tunnels
From: Gabi Nakibly <gnakibly@yahoo.com>
Date: Fri, 28 Aug 2009 12:07:03 -0700 (PDT)
Cc: ipv6@ietf.org, secdir@ietf.org
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:References:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=pPlx7cL2MRce1y2zN2UZIkbdnTGxw/vd4In+hSEKzoVgANfmN5Tb1PFezkjjL3FbeytRDV20BeWUaJ3B1UcpjejYDKs5gY+UUbYsAyWZVsHgJO6LrWaIHerR1ZroEtxDXlGuVoEkLKfXpilfHvD/8sAPbJaYSRhQ017qWuOo9Is=;
In-reply-to: <39C363776A4E8C4A94691D2BD9D1C9A106555996@XCH-NW-7V2.nw.nos.boeing.com>
References: <475898.88672.qm@web45510.mail.sp1.yahoo.com><39C363776A4E8C4A94691D2BD9D1C9A106514554@XCH-NW-7V2.nw.nos.boeing.com> <39C363776A4E8C4A94691D2BD9D1C9A1065145AE@XCH-NW-7V2.nw.nos.boeing.com> <39C363776A4E8C4A94691D2BD9D1C9A106555996@XCH-NW-7V2.nw.nos.boeing.com>

Correct. All the attacks rely on the fact that the ISATAP router encapsulates/decapsulates a packet the 6to4 relay decapsulates/encapsulates, respectively. So the two tunnels must have the same encapsulation type.

----- Original Message ----
> From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
> To: Gabi Nakibly <gnakibly@yahoo.com>; v6ops <v6ops@ops.ietf.org>
> Cc: ipv6@ietf.org; secdir@ietf.org
> Sent: Friday, August 28, 2009 7:23:03 PM
> Subject: RE: Routing loop attacks using IPv6 tunnels
> 
> Gabi,
> 
> Correct me if I am wrong, but if there were a new version
> of ISATAP that did not use ip-proto-41 encapsulation but
> instead used a different kind of encapsulation, then it
> need not concern itself with routing loop interactions
> with 6to4 relays since 6to4 relays only know about
> ip-proto-41. Does that match your understanding? 
> 
> Thanks - Fred
> fred.l.templin@boeing.com

Follow-Ups:
- RE: Routing loop attacks using IPv6 tunnels
  - From: "Templin, Fred L" <Fred.L.Templin@boeing.com>

References:
- Re: Routing loop attacks using IPv6 tunnels
  - From: Gabi Nakibly <gnakibly@yahoo.com>
- RE: Routing loop attacks using IPv6 tunnels
  - From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
- RE: Routing loop attacks using IPv6 tunnels
  - From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
- RE: Routing loop attacks using IPv6 tunnels
  - From: "Templin, Fred L" <Fred.L.Templin@boeing.com>

Prev by Date: Re: Routing loop attacks using IPv6 tunnels
Next by Date: RE: Routing loop attacks using IPv6 tunnels
Previous by thread: RE: Routing loop attacks using IPv6 tunnels
Next by thread: RE: Routing loop attacks using IPv6 tunnels
Index(es):
- Date
- Thread