Routing Loop Attack Using IPv6 Automatic Tunnels: Problem Statement and Proposed Mitigations

Nakibly, Gabi; Templin, Fred

doi:10.17487/rfc6324

Cited by 11 publications

(11 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This attack [9] exploits the assumption that destination address of IPv6 packet is valid and reachable via tunnel. The attacker creates an IPv6 packet with a destination address that doesn't exist.…”

Section: Routing Loop Attackmentioning

confidence: 99%

“…Similarly, spoof attack can use a source address that does not exist. Hence, a router must verify the existence of source and destination nodes [9] before forwarding it further on the tunnel. One way to verify is to check neighbor cache to see if a valid entry exists for that address.…”

Section: A Using Dual Stack As Preferred Transition Mechanismmentioning

confidence: 99%

“…of edge routers in a network acting as end-point of various tunnels. The attack can be surely prevented if only one tunnel [9] is allowed to operate in the network.…”

Section: A Using Dual Stack As Preferred Transition Mechanismmentioning

confidence: 99%

See 2 more Smart Citations

Review of Security Issues in IPv6 based Networks

2017

IJARCSSE

View full text Add to dashboard Cite

Abstract-The pace of growing Internet population has resulted in the exponential demand rate of IP addresses. IPv6 came as a solution to the depleting address space and various other problems of IPv4. However, the co-existence of these protocols has created some unpredictable challenges, security being the foremost. IETF developed some transition ways to supply seamless communication in such a varied atmosphere. Since IPv6 is not globally adopted, its co-existence with the IPv4 protocol will be best exploited by the black-hat community. This paper addresses the vulnerabilities of IPv6 based networks in the current Internet scenario and recommends various methods, techniques and security policies to prevent these security threats.

show abstract

Section: Routing Loop Attackmentioning

confidence: 99%

Section: A Using Dual Stack As Preferred Transition Mechanismmentioning

confidence: 99%

See 1 more Smart Citation

Review of Security Issues in IPv6 based Networks

2017

IJARCSSE

View full text Add to dashboard Cite

show abstract

“…Routing loop attacks that may exist in some "automatic tunneling" scenarios are documented in [RFC6324]. No opportunities for routing loop attacks have been identified with 4rd.…”

Section: Routing Loop Attacksmentioning

confidence: 99%

IPv4 Residual Deployment via IPv6 - A Stateless Solution (4rd)

Chen¹,

Chen²,

Jiang³

et al. 2015

View full text Add to dashboard Cite

“…A risk of routing-loop attacks has been identified in [RFC6324]. Without taking precautions, it applies to some combinations of automatic-tunnel mechanisms such as 6to4, the Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), 6rd, and Teredo.…”

Section: Denial Of Servicementioning

confidence: 99%

Native IPv6 behind IPv4-to-IPv4 NAT Customer Premises Equipment (6a44)

Wing¹,

Despres²,

Jiang³

et al. 2012

View full text Add to dashboard Cite

In customer sites having IPv4-only Customer Premises Equipment (CPE), Teredo (RFC 4380, RFC 5991, RFC 6081) provides last-resort IPv6 connectivity. However, because it is designed to work without the involvement of Internet Service Providers, it has significant limitations (connectivity between IPv6 native addresses and Teredo addresses is uncertain; connectivity between Teredo addresses fails for some combinations of NAT types). 6a44 is a complementary solution that, being based on ISP cooperation, avoids these limitations. At the beginning of 6a44 IPv6 addresses, it replaces the Teredo well-known prefix, present at the beginning of Teredo IPv6 addresses, with network-specific /48 prefixes assigned by local ISPs (an evolution similar to that from 6to4 to 6rd (IPv6 Rapid Deployment on IPv4 Infrastructures)). The specification is expected to be complete enough for running code to be independently written and the solution to be incrementally deployed and used.

show abstract

Routing Loop Attack Using IPv6 Automatic Tunnels: Problem Statement and Proposed Mitigations

Cited by 11 publications

References 12 publications

Review of Security Issues in IPv6 based Networks

Review of Security Issues in IPv6 based Networks

IPv4 Residual Deployment via IPv6 - A Stateless Solution (4rd)

Native IPv6 behind IPv4-to-IPv4 NAT Customer Premises Equipment (6a44)

Contact Info

Product

Resources

About