"Christian" == Christian Vogt <chvogt(_at_)tm(_dot_)uka(_dot_)de> writes:
Christian> unamplified flooding would also be possible for the
Christian> attacker without HIP because the attacker could send
Christian> flooding packets with an IPv6 Routing header, directing
Christian> the packets to the correspondent node first, and from
Christian> there to the victim. To prevent this attack, the
Christian> firewall would have to look into the flooding packets'
Christian> extension headers since the IPv6 header would
Christian> (legitimately) include the correspondent node's IP
Christian> address.
Take a look at the v6ops IPV6 security overvew document. It
recommends dropping most routing headers to avoid this sort of attack.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf