lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 06 Jun 2012 07:36:53 -0300
From: Fernando Gont <fgont@...networks.com>
To: "bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com>
Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: New IETF I-D: (IPv6) "Neighbor Discovery Shield
 (ND-Shield): Protecting against Neighbor Discovery Attacks"

Folks,

We have just published a new IETF I-D, entitled "Neighbor Discovery
Shield (ND-Shield): Protecting against Neighbor Discovery Attacks". This
is probably the last missing piece of the "ND mitigation" puzzle (the
others being RA-Guard and DHCPv6-Shield). This one mitigates attack
vectors based on RS, NS, NA, and Redirect messages.

The I-D is available at:
<http://tools.ietf.org/id/draft-gont-opsec-ipv6-nd-shield-00.txt>

For this version in particular, I'm mostly interested in hearing your
thoughts about the issues raised in the "DISCLAIMER" section -- although
detailed feedback is always welcome.

Our Twitter: @SI6Networks

Thanks!

Best regards,
Fernando




-------- Original Message --------
Subject: New Version Notification for draft-gont-opsec-ipv6-nd-shield-00.txt
Date: Tue, 05 Jun 2012 06:05:24 -0700
From: internet-drafts@...f.org
To: fgont@...networks.com

A new version of I-D, draft-gont-opsec-ipv6-nd-shield-00.txt has been
successfully submitted by Fernando Gont and posted to the IETF repository.

Filename:	 draft-gont-opsec-ipv6-nd-shield
Revision:	 00
Title:		 Neighbor Discovery Shield (ND-Shield): Protecting against
Neighbor Discovery Attacks
Creation date:	 2012-06-05
WG ID:		 Individual Submission
Number of pages: 22

Abstract:
   This document specifies a mechanism that can be implemented in
   layer-2 devices to mitigate attack vectors based on Neighbor
   Discovery messages.  It is meant to complement other mechanisms
   implemented in layer-2 devices such as Router Advertisement Guard
   (RA-Guard) and DHCPv6-Shield, with the goal of achieving a
   comprehensive IPv6 First Hop Security solution.  This document is
   motivated by the desire to achieve feature parity with IPv4 with
   respect to First Hop Security mechanisms.





The IETF Secretariat

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ