Fernando Gont of SI6 Networks has been a VERY busy man lately! He and his colleagues and co-authors have recently updated a whole host of Internet-Drafts related to IPv6 security. In a post to the full-disclosure mailing list, Fernando provided his list that includes:
Network Reconnaissance in IPv6 Networks
Security Implications of IPv6 on IPv4 Networks
Virtual Private Network (VPN) traffic leakages in dual-stack
hosts/ networksSecurity Assessment of Neighbor Discovery (ND) for IPv6
DHCPv6-Shield: Protecting Against Rogue DHCPv6 Servers
Security Implications of IPv6 Fragmentation with IPv6
Neighbor DiscoverySecurity Implications of IPv6 options of Type 10xxxxxx
Security Implications of Predictable Fragment
Processing of IPv6 “atomic” fragments
Recommendations on filtering of IPv4 packets containing IPv4 options
Some of these are broader documents while some dive deep into specific issues or solutions. Altogether they do represent a great amount of work on IPv6 security issues, which is excellent and definitely needed as we continue to move to using more and more IPv6 in our networks.
Thanks to Fernando and the others involved in the work for getting these updated drafts out. If you have any comments on these drafts, I know that Fernando is always looking for feedback – his email address and contact info in Argentina can be found at the end of any of the drafts.