IPv6 RA-Guard evasion (and neighbor discovery monitoring) vulnerabilities May 31 2011 09:23PM
Fernando Gont (fernando gont gmail com)

I've just published two new IETF Internet-Drafts, that document the
problem of RA-Guard evasion, and propose mitigations.

They are two Internet-Drafts:

* "IPv6 Router Advertisement Guard (RA-Guard) Evasion", available at:

* "Security Implications of the Use of IPv6 Extension Headers with IPv6
Neighbor Discovery", available at:

The motivation for publishing these documents now (and not earlier or
later) is discussed in the first I-D. ;-)

Any comments on these documents will be more than welcome.

P.S.: In case you are not already doing it, please consider
participating in the relevant IETF working groups (v6ops and 6man) by
subscribing to the corresponding mailing-lists (see
https://www.ietf.org/mailman/listinfo/v6ops and


Best regards,
Fernando Gont
e-mail: fernando (at) gont.com (dot) ar [email concealed] || fgont (at) acm (dot) org [email concealed]
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus