Technical Summary
This document is concerned with security vulnerabilities in IPv6-in-
IPv4 automatic tunnels. These vulnerabilities allow an attacker to
take advantage of inconsistencies between the IPv4 routing state and
the IPv6 routing state. The attack forms a routing loop which can be
abused as a vehicle for traffic amplification to facilitate DoS
attacks. The first aim of this document is to inform on this attack
and its root causes. The second aim is to present some possible
mitigation measures.
Working Group Summary
The initial version of the document was published 10/20/09.
Subsequent to IETF 78 the document was accepted as a working group
document. Last call was completed on 10/12/10.
Document Quality
This work has benefited from discussions on the V6OPS, 6MAN and
SECDIR mailing lists. Remi Despres, Christian Huitema, Dmitry
Anipko, Dave Thaler and Fernando Gont are acknowledged for their
contributions.
Personnel
Joel Jaegli is documet sheperd.