Security Considerations for 6to4
draft-savola-ngtrans-6to4-security-01

Document Type Expired Internet-Draft (individual)
Author Pekka Savola 
Last updated 2002-03-04
Stream (None)
Intended RFC status (None)
Formats
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-savola-ngtrans-6to4-security-01.txt

Abstract

The IPv6 interim mechanism 6to4 [6TO4] uses automatic IPv6-over-IPv4 tunneling to interconnect IPv6 networks. The architecture includes Relay Routers and Routers, which accept and decapsulate IPv4 traffic from anywhere. There aren't many constraints on the embedded IPv6 packets, or where IPv4 traffic will be automatically tunneled to. These could enable one to go around access controls, and more likely, being able to perform proxy Denial of Service attacks using Relays as reflectors. This document discusses these issues and tries to suggest enhancements to alleviate the problems.

Authors

Pekka Savola (psavola@funet.fi)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)