Routing Loop Attack Using IPv6 Automatic Tunnels: Problem Statement and Proposed Mitigations
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org>
To: IETF-Announce <email@example.com>
Cc: RFC Editor <firstname.lastname@example.org>, v6ops mailing list <email@example.com>, v6ops chair <firstname.lastname@example.org>, v6ops mailing list <email@example.com>, v6ops chair <firstname.lastname@example.org>
Subject: Document Action: 'Routing Loop Attack using IPv6 Automatic Tunnels: Problem Statement and Proposed Mitigations' to Informational RFC (draft-ietf-v6ops-tunnel-loops-07.txt)

The IESG has approved the following document:
- 'Routing Loop Attack using IPv6 Automatic Tunnels: Problem Statement and Proposed Mitigations' (draft-ietf-v6ops-tunnel-loops-07.txt) as an Informational RFC

This document is the product of the IPv6 Operations Working Group.

The IESG contact persons are Ron Bonica and Dan Romascanu.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-v6ops-tunnel-loops/

Technical Summary

This document is concerned with security vulnerabilities in IPv6-in-IPv4 automatic tunnels. These vulnerabilities allow an attacker to take advantage of inconsistencies between the IPv4 routing state and the IPv6 routing state. The attack forms a routing loop which can be abused as a vehicle for traffic amplification to facilitate DoS attacks. The first aim of this document is to inform on this attack and its root causes. The second aim is to present some possible mitigation measures.

Working Group Summary

The initial version of the document was published 10/20/09. Subsequent to IETF 78 the document was accepted as a working group document. Last call was completed on 10/12/10.

Document Quality

This work has benefited from discussions on the V6OPS, 6MAN and SECDIR mailing lists. Remi Despres, Christian Huitema, Dmitry Anipko, Dave Thaler and Fernando Gont are acknowledged for their contributions.

Personnel

Joel Jaeggli is the document shepherd.