Lorenzo spoke at the mic about a "drive-by" attack on an IPv4-only network. I just want to make it clear who is impacted and how.

1) It's an IPv4-only network.
2) It has "modern" hosts, built after publication of draft-ietf-sunset4-noipv4.
3) It's open to some form of attackers.

So the "Starbucks" coffee-shop network of 2018. It seems somewhat realistic to me. I'm excluding home wifi networks, because I assume that they are either layer-2 secure, or can identify brother/sister attacks through other means.

The attacker sends a number of IPv6 RAs per second. They don't have to use a lot of bandwidth to do this; they just need to beat the newly booting/connecting host's emitting a DHCPv4 DISCOVER. The host, ignoring that this is a hint, has to suppress *all* DHCPv4 DISCOVER messages when it sees the RA noipv4 option. If the host has successfully sent a DISCOVER message, it might get a DHCPv4 OFFER, which may or may not be bogus (maybe the RA is legit and the DHCP is bogus), and if it does, it would assume that there is v4, and would configure IPv4.

I think that Lorenzo's concerns are real. He feels, I think, that given the degree to which the noipv4 option would be a hint to do DHCPv4 less often, rather than to turn it off completely, it would therefore become useless.

My understanding is that the problem with DHCPv4 discovers is that they are layer-2 broadcasts, and just asking is killing some larger networks that were trying to benefit from savings by deploying IPv6.

-- Michael Richardson <[email protected]>, Sandelman Software Works -= IPv6 IoT consulting =-
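A segment-side check for the scenario described in the message, written as an added example (not code from the thread or from the draft): it parses RFC 4861 RA options, flags a noipv4 option seen on a segment the operator knows to be IPv4-only, and flags any source sending RAs faster than a small per-second budget. The draft left the RA option type unassigned, so `NOIPV4_OPTION_TYPE`, the rate limit and the sample MAC address are placeholders chosen for the example.

```python
import struct
from collections import defaultdict, deque

ICMPV6_ROUTER_ADVERT = 134
# Placeholder: draft-ietf-sunset4-noipv4 leaves the RA option type as TBD,
# so this value is an assumption for the example, not an IANA assignment.
NOIPV4_OPTION_TYPE = 250

def build_ra(options):
    """Construct a minimal ICMPv6 RA (checksum left 0) carrying the given (type, data) options."""
    hdr = struct.pack("!BBHBBHII", ICMPV6_ROUTER_ADVERT, 0, 0, 64, 0, 1800, 0, 0)
    body = b""
    for otype, data in options:
        data += b"\x00" * (-(len(data) + 2) % 8)      # pad type+len+data to a multiple of 8 octets
        body += struct.pack("!BB", otype, (len(data) + 2) // 8) + data
    return hdr + body

def parse_ra_options(pkt):
    """Walk the RFC 4861 TLV options after the 16-byte RA header; reject malformed ones."""
    if len(pkt) < 16 or pkt[0] != ICMPV6_ROUTER_ADVERT:
        raise ValueError("not a router advertisement")
    opts, off = [], 16
    while off + 2 <= len(pkt):
        otype, olen = pkt[off], pkt[off + 1]
        end = off + olen * 8
        if olen == 0 or end > len(pkt):
            raise ValueError("malformed option")       # RFC 4861: discard the whole RA
        opts.append((otype, pkt[off + 2:end]))
        off = end
    return opts

class RaMonitor:
    """Flags a noipv4 option on an IPv4-only segment and RA bursts from any one source."""
    def __init__(self, ipv4_only, max_ra_per_sec=2):
        self.ipv4_only, self.limit = ipv4_only, max_ra_per_sec
        self.seen = defaultdict(deque)                 # src MAC -> recent RA timestamps

    def observe(self, src_mac, pkt, now):
        alerts = []
        if self.ipv4_only and any(t == NOIPV4_OPTION_TYPE for t, _ in parse_ra_options(pkt)):
            alerts.append(f"{src_mac}: noipv4 option on an IPv4-only segment")
        q = self.seen[src_mac]
        q.append(now)
        while q and now - q[0] >= 1.0:                 # sliding one-second window
            q.popleft()
        if len(q) > self.limit:
            alerts.append(f"{src_mac}: {len(q)} RAs within one second")
        return alerts

if __name__ == "__main__":
    mon = RaMonitor(ipv4_only=True)
    sample = build_ra([(NOIPV4_OPTION_TYPE, b"\x01")])   # constructed sample RA, not a capture
    for i in range(4):
        print(mon.observe("02:00:00:00:00:01", sample, 100.0 + i * 0.1))
```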
_______________________________________________ sunset4 mailing list [email protected] https://www.ietf.org/mailman/listinfo/sunset4
