On Jul 24, 2014, at 6:17 PM, Michael Richardson <[email protected]> wrote:
> Lorenzo spoke at the mic about a "drive-by" attack on an IPv4-only network.
> I just want to make it clear about who is impacted and how.
> 1) It's an IPv4-only network.
> 2) It has "modern" hosts, built after publication of
>    draft-ietf-sunset4-noipv4.
> 3) It's open to some form of attackers.

Specifically, the network has to allow an arbitrary host to send an IPv6 RA. Doesn't that open the network to a pile of attacks, including an attacker-controlled IPv6 DNS server (RFC6106) and attacker-controlled IPv6 default route?

-d

> So the "Starbucks" coffee-shop network of 2018.
> It seems somewhat realistic to me.
>
> I'm excluding home wifi networks, because I assume that they are either
> layer-2 secure, or can identify brother/sister attacks through other means.
>
> The attacker sends a number of IPv6 RAs per second.
> They don't have to use a lot of bandwidth to do this; they just need to
> beat the newly booting/connecting host's emitting a DHCPv4 DISCOVER.
>
> The host, ignoring that this is a hint, has to suppress *all* DHCPv4 DISCOVER
> messages when it sees the RA noipv4 option.
>
> If the host has successfully sent a DISCOVERY message, it might get a DHCPv4
> OFFER, which may or may not be bogus (maybe the RA is legit and the DHCP is
> bogus), and if it does, it would assume that there is v4, and would configure
> IPv4.
>
> I think that Lorenzo's concerns are real.
> He feels, I think, that given the degree to which the noipv4 option would be
> a hint to do DHCPv4 less often, rather than to turn it off completely, that
> it would therefore become useless.
>
> My understanding is that the problem with DHCPv4 discovers is that they are
> layer-2 broadcasts, and just asking it killing some larger networks that were
> trying to benefit from savings by deploying IPv6.
>
> --
> Michael Richardson <[email protected]>, Sandelman Software Works
>  -= IPv6 IoT consulting =-
>
> _______________________________________________
> sunset4 mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/sunset4
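The attack sketched in the thread is a burst of IPv6 RAs from an arbitrary host racing a newly attached host's DHCPv4 DISCOVER. The following is an added illustration, not code from this thread, from draft-ietf-sunset4-noipv4 or from any IETF project, of the link-side check a network operator would want: it takes already-decoded RA observations (timestamp, source MAC, whether the RA carried the noipv4 option) and flags sources that are not the known routers or that exceed a per-second RA rate. The records are constructed sample data, the allow-list is hypothetical, and the `noipv4` flag name is a placeholder for the draft's option, whose wire format the thread does not give.

```python
"""Rogue-RA burst detector over decoded Router Advertisement records.

Added example for the sunset4 discussion above; it is not code from the
thread or the noipv4 draft.  It assumes a monitor on the link has already
parsed each RA into (timestamp_seconds, source_mac, noipv4_present).
"""
from collections import defaultdict, deque

# Constructed sample: one legitimate router advertising every ~200 s, plus a
# second MAC blasting ten RAs within one second, all carrying the
# (placeholder) noipv4 option.
KNOWN_ROUTERS = {"00:11:22:33:44:01"}           # hypothetical allow-list
SAMPLE_RAS = [
    (0.0, "00:11:22:33:44:01", False),
    (200.0, "00:11:22:33:44:01", False),
    (400.0, "00:11:22:33:44:01", False),
] + [(300.0 + i * 0.1, "0a:bb:cc:dd:ee:ff", True) for i in range(10)]


def detect_rogue_ra(records, known_routers, max_per_window=2, window=1.0):
    """Return a sorted list of (source_mac, reason) alerts.

    Three checks, each raised at most once per source:
      * the RA came from a MAC that is not a known router;
      * more than max_per_window RAs from one source fell inside a sliding
        window of `window` seconds (the "number of RAs per second" pattern);
      * an unknown source advertised the noipv4 option, i.e. it is trying to
        make hosts stop (or slow) DHCPv4 DISCOVER.
    """
    alerts = set()
    recent = defaultdict(deque)   # per-source timestamps inside the window
    for ts, mac, noipv4 in sorted(records):
        if mac not in known_routers:
            alerts.add((mac, "RA from source not in router allow-list"))
            if noipv4:
                alerts.add((mac, "unknown source advertising noipv4 (placeholder flag)"))
        q = recent[mac]
        q.append(ts)
        # Drop timestamps that have slid out of the window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > max_per_window:
            alerts.add((mac, f"more than {max_per_window} RAs within {window}s"))
    return sorted(alerts)


def sources_flagged(alerts):
    """Distinct source MACs that produced at least one alert."""
    return sorted({mac for mac, _ in alerts})


if __name__ == "__main__":
    for mac, reason in detect_rogue_ra(SAMPLE_RAS, KNOWN_ROUTERS):
        print(f"{mac}: {reason}")
```

The rate check is what catches the race described above even if the attacker spoofs the legitimate router's link-local address: a real router advertising every few minutes never accumulates three RAs inside one second. Thresholds are deliberately low for the sample; on a real link they should be set from the routers' configured advertisement interval.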
