IPv6 RA-Guard evasion (and neighbor discovery monitoring) vulnerabilities

[Fernando Gont <fernando.gont () gmail com>]

Folks,

I've just published two new IETF Internet-Drafts, that document the
problem of RA-Guard evasion, and propose mitigations.

They are two Internet-Drafts:

* "IPv6 Router Advertisement Guard (RA-Guard) Evasion", available at:
http://tools.ietf.org/id/draft-gont-v6ops-ra-guard-evasion-00.txt

* "Security Implications of the Use of IPv6 Extension Headers with IPv6
Neighbor Discovery", available at:
http://tools.ietf.org/id/draft-gont-6man-nd-extension-headers-00.txt

The motivation for publishing these documents now (and not earlier or
later) is discussed in the first I-D. ;-)

Any comments on these documents will be more than welcome.

P.S.: In case you are not already doing it, please consider
participating in the relevant IETF working groups (v6ops and 6man) by
subscribing to the corresponding mailing-lists (see
https://www.ietf.org/mailman/listinfo/v6ops and
https://www.ietf.org/mailman/listinfo/ipv6).

Thanks!

Best regards,
--
Fernando Gont
e-mail: fernando () gont com ar || fgont () acm org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1