论文信息 - Security Considerations for 6to4

Security Considerations for 6to4

The IPv6 interim mechanism 6to4 (RFC3056) uses automatic IPv6-over- IPv4 tunneling to interconnect IPv6 networks. The architecture includes 6to4 routers and 6to4 relay routers, which accept and decapsulate IPv4 protocol-41 ("IPv6-in-IPv4") traffic from any node in the IPv4 internet. This characteristic enables a number of security threats, mainly Denial of Service. It also makes it easier for nodes to spoof IPv6 addresses. This document discusses these issues in more detail and suggests enhancements to alleviate the problems. This memo provides information for the Internet community.

Pekka Savola | Chirayu Patel | P. Savola | Chirayu Patel

[1] Paul Ferguson,et al. Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing , 1998, RFC.

[2] Erik Nordmark,et al. Basic Transition Mechanisms for IPv6 Hosts and Routers , 2005, RFC.

[3] Brian E. Carpenter,et al. Connection of IPv6 Domains via IPv4 Clouds , 2001, RFC.

[4] Scott O. Bradner,et al. Key words for use in RFCs to Indicate Requirement Levels , 1997, RFC.

[5] Internet Assigned Numbers Authority. Special-Use IPv4 Addresses , 2002, RFC.

[6] Pekka Nikander,et al. IPv6 Neighbor Discovery (ND) Trust Models and Threats , 2004, RFC.

[7] William Allen Simpson,et al. IP in IP Tunneling , 1995, RFC.

[8] Fred Baker,et al. Requirements for IP Version 4 Routers , 1995, RFC.

[9] Pekka Savola,et al. Security of IPv6 Routing Header and Home Address Options , 2002 .

[10] Christian Huitema,et al. An Anycast Prefix for 6to4 Relay Routers , 2001, RFC.

[11] Pekka Nikander,et al. SEcure Neighbor Discovery (SEND) , 2005, RFC.

[12] Erik Nordmark,et al. Transition Mechanisms for IPv6 Hosts and Routers , 1996, RFC.

[13] Steven M. Bellovin,et al. ICMP Traceback Messages , 2003 .