A Signature based Source Address Validation Method for IPv6 Edge Network
draft-bi-sava-solution-ipv6-edge-network-signature-00
| Document | Type |
Expired Internet-Draft
(individual)
Expired & archived
|
|
|---|---|---|---|
| Author | Jun Bi | ||
| Last updated | 2007-07-23 | ||
| RFC stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | Expired | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
Today's Internet is suffering from reflection-type DoS/DDoS attacks, such as TCP SYN flood, Smurf attack, DNS reflection, etc. These attacks often rely on the IP source address spoofing. Current source address spoofing prevention methods have a coarse granularity, and the attackers can still in some cases launch reflection-type DoS/DDos attacks or other attacks while being difficult to trace. Aiming to solve this problem, this document proposes a fine-granularity source address spoofing prevention method, which can prevent the attackers from forging source addresses that belong to the same edge network to send packets to somewhere outside the IPv6 edge network. The proposed method includes source address authentication using session key and hash digest algorithms and replay attack prevention by combining a sequence number method with a timestamp method.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)