Re: [Int-area] [IPv6] New Draft - ICMPv6 Loopback

2023-06-08 Thread Michael Richardson
Tianran Zhou wrote: > What if we ask for symmetric request and response? I.e., carry reserved > bytes in the request packet. That would make me happier actually. -- Michael Richardson. o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide si

Re: [Int-area] [IPv6] New Draft - ICMPv6 Loopback

2023-06-07 Thread Tal Mizrahi
Michael, Please note the following sentence in the security considerations section: "the amplification effect in this case is similar to ICMPv6 error message, and specifically similar to Traceroute." Sending a Loopback causes the exact same amplification as invoking the last packet of Traceroute,

Re: [Int-area] [IPv6] New Draft - ICMPv6 Loopback

2023-06-07 Thread Tianran Zhou
Hi Michael, What if we ask for symmetric request and response? I.e., carry reserved bytes in the request packet. Tianran -Original Message- From: ipv6 [mailto:ipv6-boun...@ietf.org] On Behalf Of Michael Richardson Sent: Thursday, June 8, 2023 12:59 AM To: int-area@ietf.org; i...@ietf.o

Re: [Int-area] [IPv6] New Draft - ICMPv6 Loopback

2023-06-07 Thread Michael Richardson
Despite what the Security Considerations suggests, this still looks ripe for use as an amplication attack to me. -- Michael Richardson. o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide signature.asc Description: PGP signature

Re: [Int-area] [IPv6] New Draft - ICMPv6 Loopback

2023-06-07 Thread Florian Obser
On 2023-06-07 11:42 UTC, Luigi IANNONE wrote: > For FreeBSD it looks like code MUST be 0 or the packet is dropped: > this is coming from KAME so everything that derives from there has this. E.g. it's also present in OpenBSD & NetBSD. > (file netinet6/icmp6.c line 550: > http://fxr.watson.org/f

Re: [Int-area] [IPv6] New Draft - ICMPv6 Loopback

2023-06-07 Thread Luigi IANNONE
) goto badcode; Ciao L. > -Original Message- > From: Int-area On Behalf Of Justin Iurman > Sent: Wednesday, 7 June 2023 13:24 > To: Erik Kline ; Tal Mizrahi > Cc: int-area@ietf.org; i...@ietf.org > Subject: Re: [Int-area] [IPv6] New Draft - ICMPv6 Loopback &g

Re: [Int-area] [IPv6] New Draft - ICMPv6 Loopback

2023-06-07 Thread Justin Iurman
On 6/7/23 08:06, Erik Kline wrote: Poking around the Linux kernel source, my reading of net/ipv6/icmp.c's icmpv6_rcv() is that it checks the type byte before dispatching to icmpv6_echo_reply(), and inside icmpv6_echo_reply() I'm not seeing any checking of the code byte, so I'd assume (without tes

Re: [Int-area] [IPv6] New Draft - ICMPv6 Loopback

2023-06-06 Thread Erik Kline
Poking around the Linux kernel source, my reading of net/ipv6/icmp.c's icmpv6_rcv() is that it checks the type byte before dispatching to icmpv6_echo_reply(), and inside icmpv6_echo_reply() I'm not seeing any checking of the code byte, so I'd assume (without testing) that it just constructs a norma