mailing list archives
Re: Ra-Guard evasion (new Internet-Drafts)
From: Marc Heuse <mh () mh-sec de>
Date: Wed, 01 Jun 2011 12:57:46 +0200
to quote from your drafts:
As part of the project "Security Assessment of the Internet Protocol
version 6 (IPv6)" [CPNI-IPv6], we devised a number of techniques for
circumventing the RA-Guard protection, which are described in the
following sections of this document. These techniques, and the
corresponding tools to assess their effectiveness, had so far been
made available only to vendors, in the hopes that they could
implement counter-measures before they were publicly disclosed.
However, since there has been some public discussion about these
issues, it was deemed as appropiate to publish the present document.
this surprised me for two things.
First: Cisco was not aware. So you tell you discovered this issue as
well and you informed vendors, but the only vendor who really has RA
support so far is Cisco, and they did not know. I informed them.
So I recommend that you don't keep your findings to your group but
actively inform the vendors about that, and that not via an Internet draft.
Second: it is always a race who is credited as the finder of an issue.
As anybody can claim he had the vulnerability in his drawers for years,
only the person who publishes it gets the credit, so sorry :-)
I had my attack tool since beginning of January :-) - which is pretty
sure before your group discovered that, and I published first :-)
that being said I have started to inform vendors of two new IPv6
vulnerability types now, and nobody has told them about these before either.
But nontheless - good work, good draft proposals, thats the way to go
with the issue.
I've just published two new IETF Internet-Drafts, that document the
problem of RA-Guard evasion, and propose mitigations.
They are two Internet-Drafts:
* "IPv6 Router Advertisement Guard (RA-Guard) Evasion", available at:
* "Security Implications of the Use of IPv6 Extension Headers with IPv6
Neighbor Discovery", available at:
The motivation for publishing these documents now (and not earlier or
later) is discussed in the first I-D. ;-)
Any comments on these documents will be more than welcome.
Marc Heuse - IT-Security Consulting
PGP: FEDD 5B50 C087 F8DF 5CB9 876F 7FDD E533 BF4F 891A
- Re: Ra-Guard evasion (new Internet-Drafts) Marc Heuse (Jun 01)