Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: IPv6/IPv6 threat Comparison Paper available for review

  • From: Iljitsch van Beijnum
  • Date: Tue May 11 05:34:50 2004

On 11-mei-04, at 11:19, itojun@iijlab.net wrote:

- Smurf

I don't think you mention that in IPv6, there are no mechanisms that
allow an incoming unicast packet to be turned into a broadcast or
multicast packet, and as such, smurf-like attacks are impossible.

	There are cases where malicious IPv6 packet leads to IPv4 smurf
	attack (due to wacky IPv4 mapped address and API).
	i think it worthwhile to look at threats due to IPv4/v6 interaction.
You can obviously craft an IPv6 packet that will be delivered to an IPv4 subnet broadcast address through 6to4 or some such, but unless the hosts that receive the subsequent broadcast (that shouldn't be generated unless v4 isn't properly administered in the first place so it's still not an IPv6 issue) reply with something, nothing is going to happen.

	draft-itojun-ipv6-transition-abuse-xx.txt
	draft-cmetz-v6ops-v4mapped-api-harmful-xx.txt
	draft-itojun-v6ops-v4mapped-harmful-xx.txt
Yeah, yeah, everything is harmful. I don't think having IPv4-specific and IPv6-specific code in applications is the answer, though.





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.