[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 06 Jun 2012 07:36:53 -0300
From: Fernando Gont <fgont@...networks.com>
To: "bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com>
Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: New IETF I-D: (IPv6) "Neighbor Discovery Shield
(ND-Shield): Protecting against Neighbor Discovery Attacks"
Folks,
We have just published a new IETF I-D, entitled "Neighbor Discovery
Shield (ND-Shield): Protecting against Neighbor Discovery Attacks". This
is probably the last missing piece of the "ND mitigation" puzzle (the
others being RA-Guard and DHCPv6-Shield). This one mitigates attack
vectors based on RS, NS, NA, and Redirect messages.
The I-D is available at:
<http://tools.ietf.org/id/draft-gont-opsec-ipv6-nd-shield-00.txt>
For this version in particular, I'm mostly interested in hearing your
thoughts about the issues raised in the "DISCLAIMER" section -- although
detailed feedback is always welcome.
Our Twitter: @SI6Networks
Thanks!
Best regards,
Fernando
-------- Original Message --------
Subject: New Version Notification for draft-gont-opsec-ipv6-nd-shield-00.txt
Date: Tue, 05 Jun 2012 06:05:24 -0700
From: internet-drafts@...f.org
To: fgont@...networks.com
A new version of I-D, draft-gont-opsec-ipv6-nd-shield-00.txt has been
successfully submitted by Fernando Gont and posted to the IETF repository.
Filename: draft-gont-opsec-ipv6-nd-shield
Revision: 00
Title: Neighbor Discovery Shield (ND-Shield): Protecting against
Neighbor Discovery Attacks
Creation date: 2012-06-05
WG ID: Individual Submission
Number of pages: 22
Abstract:
This document specifies a mechanism that can be implemented in
layer-2 devices to mitigate attack vectors based on Neighbor
Discovery messages. It is meant to complement other mechanisms
implemented in layer-2 devices such as Router Advertisement Guard
(RA-Guard) and DHCPv6-Shield, with the goal of achieving a
comprehensive IPv6 First Hop Security solution. This document is
motivated by the desire to achieve feature parity with IPv4 with
respect to First Hop Security mechanisms.
The IETF Secretariat
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists