Full Disclosure mailing list archives

New IETF I-D: (IPv6) "Neighbor Discovery Shield (ND-Shield): Protecting against Neighbor Discovery Attacks"

From: Fernando Gont <fgont () si6networks com>
Date: Wed, 06 Jun 2012 07:36:53 -0300

Folks,

We have just published a new IETF I-D, entitled "Neighbor Discovery
Shield (ND-Shield): Protecting against Neighbor Discovery Attacks". This
is probably the last missing piece of the "ND mitigation" puzzle (the
others being RA-Guard and DHCPv6-Shield). This one mitigates attack
vectors based on RS, NS, NA, and Redirect messages.

The I-D is available at:
<http://tools.ietf.org/id/draft-gont-opsec-ipv6-nd-shield-00.txt>

For this version in particular, I'm mostly interested in hearing your
thoughts about the issues raised in the "DISCLAIMER" section -- although
detailed feedback is always welcome.

Our Twitter: @SI6Networks

Thanks!

Best regards,
Fernando




-------- Original Message --------
Subject: New Version Notification for draft-gont-opsec-ipv6-nd-shield-00.txt
Date: Tue, 05 Jun 2012 06:05:24 -0700
From: internet-drafts () ietf org
To: fgont () si6networks com

A new version of I-D, draft-gont-opsec-ipv6-nd-shield-00.txt has been
successfully submitted by Fernando Gont and posted to the IETF repository.

Filename:        draft-gont-opsec-ipv6-nd-shield
Revision:        00
Title:           Neighbor Discovery Shield (ND-Shield): Protecting against
Neighbor Discovery Attacks
Creation date:   2012-06-05
WG ID:           Individual Submission
Number of pages: 22

Abstract:
   This document specifies a mechanism that can be implemented in
   layer-2 devices to mitigate attack vectors based on Neighbor
   Discovery messages.  It is meant to complement other mechanisms
   implemented in layer-2 devices such as Router Advertisement Guard
   (RA-Guard) and DHCPv6-Shield, with the goal of achieving a
   comprehensive IPv6 First Hop Security solution.  This document is
   motivated by the desire to achieve feature parity with IPv4 with
   respect to First Hop Security mechanisms.





The IETF Secretariat

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

New IETF I-D: (IPv6) "Neighbor Discovery Shield (ND-Shield): Protecting against Neighbor Discovery Attacks" Fernando Gont (Jun 06)