
Re: Recovering from multiple routers advertising routes



Bill,

You should check out the work of the Secure Neighbour Discovery (SEND)
Working Group in the IETF which is working hard right now to address this
issue, and also the broader issue of securing the Neighbour Discovery
procedure in IPv6.

http://www.ietf.org/html.charters/send-charter.html

Regards,

Mat.

----------

On Wednesday 14th May, 2003, Bill Cerveny wrote:

This was also the engineer's point -- he felt IPv4 DHCP was broken in this
manner and this broken behavior was being perpetuated via IPv6 router
advertisements.

I did find a mention of something similar to this problem in an IETF
Internet-draft for proposed extensions to router advertisements at
<http://www.ietf.org/internet-drafts/draft-ietf-ipv6-router-selection-02.txt>, although no solutions were offered:

A malicious node could send Router Advertisement messages,
specifying High Default Router Preference or carrying specific
routes, with the effect of pulling traffic away from legitimate
routers. However, a malicious node could easily achieve this same
effect in other ways. For example, it could fabricate Router
Advertisement messages with zero Router Lifetime from the other
routers, causing hosts to stop using the other routes. Hence, this
document has no new appreciable impact on Internet infrastructure
security.

Bill
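
Added example, not part of the original thread or of the Internet-draft: a passive check over captured Router Advertisements for the two behaviours the quoted draft text describes (High preference from an unexpected router, and zero Router Lifetime). It assumes the RFC 4861 RA header layout with the preference bits as published in RFC 4191; the allowlist, addresses and sample bytes are constructed.

```python
import struct

# Prf field values (RFC 4191); "reserved" must be treated as medium by receivers.
PRF_NAMES = {0b01: "high", 0b00: "medium", 0b11: "low", 0b10: "reserved"}

def parse_ra(icmp6: bytes) -> dict:
    """Parse the fixed 16-byte header of an ICMPv6 Router Advertisement."""
    if len(icmp6) < 16:
        raise ValueError("truncated Router Advertisement")
    msg_type, code, _cksum, _hop_limit, flags, lifetime = struct.unpack(
        "!BBHBBH", icmp6[:8])
    if msg_type != 134 or code != 0:
        raise ValueError("not a Router Advertisement")
    # Flags byte is M|O|H|Prf(2 bits)|reserved(3 bits).
    return {"lifetime": lifetime, "prf": PRF_NAMES[(flags >> 3) & 0b11]}

def check_ra(src: str, icmp6: bytes, known_routers: set) -> list:
    """Return finding codes for one RA seen from link-local source `src`."""
    ra = parse_ra(icmp6)
    findings = []
    if src.lower() not in known_routers:
        findings.append("UNLISTED_SOURCE")
        if ra["prf"] == "high":
            # An unexpected router asking hosts to prefer it over the others.
            findings.append("HIGH_PREF_UNLISTED")
    if ra["lifetime"] == 0:
        # Legitimate when a router withdraws as default router, but it is also
        # what a forged RA in a real router's name looks like, so confirm it.
        findings.append("ZERO_LIFETIME")
    return findings

# Constructed allowlist and sample RAs (checksum left as zero, not validated).
KNOWN = {"fe80::1"}
RA_NORMAL = bytes.fromhex("86000000 40 00 0708 00000000 00000000")
RA_HIGH   = bytes.fromhex("86000000 40 08 0708 00000000 00000000")
RA_ZERO   = bytes.fromhex("86000000 40 00 0000 00000000 00000000")

if __name__ == "__main__":
    samples = [("fe80::1", RA_NORMAL), ("fe80::bad", RA_HIGH), ("fe80::1", RA_ZERO)]
    for src, pkt in samples:
        print(src, parse_ra(pkt), check_ra(src, pkt, KNOWN))
```

Source addresses on a shared link can be forged, so the allowlist only narrows what needs a second look; it does not authenticate the sender.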


