By: Robert Lemos
Only a few weeks after researchers raised the design issue in the next-generation Internet protocol, two drafts to the Internet Engineering Task Force propose different fixes.
This week, experts sent two drafts to the Internet Engineering Task Force (IETF)--the technical standards-setting body for the Internet -- proposing different ways of fixing a problem in the way that Internet Protocol version 6 (IPv6) allows the source of network data to determine its path through the network. The drafts recommend that the IPv6 feature should either be eliminated or, at the very least, disabled by default.
The specification, known as the Type 0 Routing Header (RH0), allows computers to tell IPv6 routers to send data by a specific route. Originally envisioned as a way to let mobile users to retain a single IP for their devices, the feature has significant security implications. During a presentation at the CanSecWest conference on April 18, researchers Philippe Biondi and Arnaud Ebalard pointed out that RH0 support allows attackers to amplify denial-of-service attacks on IPv6 infrastructure by a factor of at least 80. (...)
The RH0 security issues has its roots in the current Internet protocol implementation. The specification for IPv4 allows the sender of data to specify one or more routers through which the data must travel. Known as source routing, the technique allows up to 9 other addresses to be included in an IPv4's extended header, requesting that the packet be routed through those specific addresses. While source routing can be beneficial for diagnostics, it can also be used to amplify a denial-of-service attack by a factor of 10 by alternating two target Internet addresses in the header, ping-ponging the data between two machines.
While source routing has been accepted as a bad security risk by most companies and most routers disable the feature by default, the IETF has not eliminated the option from the specification and extended it to IPv6.