Re: [secdir] secdir review of draft-ietf-hip-mm-04.txt

"Christian" == Christian Vogt <chvogt(_at_)tm(_dot_)uka(_dot_)de> writes:

    Christian> unamplified flooding would also be possible for the
    Christian> attacker without HIP because the attacker could send
    Christian> flooding packets with an IPv6 Routing header, directing
    Christian> the packets to the correspondent node first, and from
    Christian> there to the victim.  To prevent this attack, the
    Christian> firewall would have to look into the flooding packets'
    Christian> extension headers since the IPv6 header would
    Christian> (legitimately) include the correspondent node's IP
    Christian> address.


Take a look at the v6ops IPV6 security overvew document.  It
recommends dropping most routing headers to avoid this sort of attack.


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

Re: secdir review of draft-ietf-hip-mm-04.txt, Christian Vogt

Next by Date:

Re: ion-procdocs open for public comment, Ned Freed

Previous by Thread:

Re: secdir review of draft-ietf-hip-mm-04.txt, Christian Vogt

Next by Thread:

Re: [secdir] secdir review of draft-ietf-hip-mm-04.txt, Christian Vogt

Indexes:

[Date] [Thread] [Top] [All Lists]