[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Routing loop attacks using IPv6 tunnels

To: "Gabi Nakibly" <gnakibly@yahoo.com>, "v6ops" <v6ops@ops.ietf.org>
Subject: RE: Routing loop attacks using IPv6 tunnels
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
Date: Fri, 28 Aug 2009 13:25:23 -0700
Cc: <ipv6@ietf.org>, <secdir@ietf.org>
In-reply-to: <212591.98462.qm@web45502.mail.sp1.yahoo.com>
References: <475898.88672.qm@web45510.mail.sp1.yahoo.com><39C363776A4E8C4A94691D2BD9D1C9A106514554@XCH-NW-7V2.nw.nos.boeing.com> <39C363776A4E8C4A94691D2BD9D1C9A1065145AE@XCH-NW-7V2.nw.nos.boeing.com> <39C363776A4E8C4A94691D2BD9D1C9A106555996@XCH-NW-7V2.nw.nos.boeing.com> <212591.98462.qm@web45502.mail.sp1.yahoo.com>

Gabi,

> -----Original Message-----
> From: Gabi Nakibly [mailto:gnakibly@yahoo.com]
> Sent: Friday, August 28, 2009 12:07 PM
> To: Templin, Fred L; v6ops
> Cc: ipv6@ietf.org; secdir@ietf.org
> Subject: Re: Routing loop attacks using IPv6 tunnels
> 
> Correct. All the attacks rely on the fact that the ISATAP router
encapsulates/decapsulates a packet
> the 6to4 relay decapsulates/encapsulates, respectively. So the two
tunnels must have the same
> encapsulation type.

OK. That will greatly simplify the checks needed for new
automatic tunneling protocols that have a format other
than ip-proto-41.

Fred
fred.l.templin@boeing.com

> ----- Original Message ----
> > From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
> > To: Gabi Nakibly <gnakibly@yahoo.com>; v6ops <v6ops@ops.ietf.org>
> > Cc: ipv6@ietf.org; secdir@ietf.org
> > Sent: Friday, August 28, 2009 7:23:03 PM
> > Subject: RE: Routing loop attacks using IPv6 tunnels
> >
> > Gabi,
> >
> > Correct me if I am wrong, but if there were a new version
> > of ISATAP that did not use ip-proto-41 encapsulation but
> > instead used a different kind of encapsulation, then it
> > need not concern itself with routing loop interactions
> > with 6to4 relays since 6to4 relays only know about
> > ip-proto-41. Does that match your understanding?
> >
> > Thanks - Fred
> > fred.l.templin@boeing.com
> 
> 
> 
>

References:
- Re: Routing loop attacks using IPv6 tunnels
  - From: Gabi Nakibly <gnakibly@yahoo.com>
- RE: Routing loop attacks using IPv6 tunnels
  - From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
- RE: Routing loop attacks using IPv6 tunnels
  - From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
- RE: Routing loop attacks using IPv6 tunnels
  - From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
- Re: Routing loop attacks using IPv6 tunnels
  - From: Gabi Nakibly <gnakibly@yahoo.com>

Prev by Date: RE: Routing loop attacks using IPv6 tunnels
Next by Date: Re: Routing loop attacks using IPv6 tunnels
Previous by thread: Re: Routing loop attacks using IPv6 tunnels
Next by thread: Re: Routing loop attacks using IPv6 tunnels
Index(es):
- Date
- Thread