论文信息 - Routing Loop Attack Using IPv6 Automatic Tunnels: Problem Statement and Proposed Mitigations

Routing Loop Attack Using IPv6 Automatic Tunnels: Problem Statement and Proposed Mitigations

This document is concerned with security vulnerabilities in IPv6-in- IPv4 automatic tunnels. These vulnerabilities allow an attacker to take advantage of inconsistencies between the IPv4 routing state and the IPv6 routing state. The attack forms a routing loop which can be abused as a vehicle for traffic amplification to facilitate DoS attacks. The first aim of this document is to inform on this attack and its root causes. The second aim is to present some possible mitigation measures.

Gabi Nakibly | Fred L. Templin | F. Templin | Gabi Nakibly

[1] Brian E. Carpenter,et al. Connection of IPv6 Domains via IPv4 Clouds , 2001, RFC.

[2] Brian E. Carpenter,et al. Advisory Guidelines for 6to4 Deployment , 2011, RFC.

[3] Gabi Nakibly,et al. Routing Loop Attacks using IPv6 Tunnels , 2009, WOOT.

[4] Christian Huitema,et al. Teredo: Tunneling IPv6 over UDP through Network Address Translations (NATs) , 2006, RFC.

[5] Ralph E. Droms,et al. IPv6 Prefix Options for Dynamic Host Configuration Protocol (DHCP) version 6 , 2003, RFC.

[6] David Thaler,et al. Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) , 2005, RFC.

[7] Thomas Narten,et al. Neighbor Discovery for IP Version 6 (IPv6) , 1996, RFC.

[8] Mark Handley,et al. Internet Denial-of-Service Considerations , 2006, RFC.

[9] Andrew Yourtchenko,et al. Dynamic Host Configuration Protocol for IPv6 (DHCPv6) , 2003, RFC.

[10] Yakov Rekhter,et al. Address Allocation for Private Internets , 1994, RFC.

[11] Erik Nordmark,et al. Basic Transition Mechanisms for IPv6 Hosts and Routers , 2005, RFC.

[12] Fernando Gont,et al. Mitigating Teredo Rooting Loop Attacks , 2010 .

[13] Ole Troan,et al. IPv6 Rapid Deployment on IPv4 Infrastructures (6rd) - Protocol Specification , 2010, RFC.