Saturday, 12 March 2016

IETF RFC 7707: Network Reconnaissance in IPv6 Networks


The IETF has just published RFC 7707, authored by Fernando Gont and Tim Chown. This RFC could probably be considered the "bible" of "IPv6 Network Reconnaissance", describing the state of the art in IPv6 Network Reconnaissance.

Besides its value in terms of analyzing a plethora of vectors for IPv6 network reconnaissance, this document has been valuable in triggering other work in the area of IPv6 addressing, namely:

  • "Recommendation on Stable IPv6 Interface Identifiers" (draft-ietf-6man-default-iids)
  • "Security and Privacy Considerations for IPv6 Address Generation Mechanisms" (RFC 7721)
  • "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration (SLAAC)" (RFC 7217)

These efforts are in the process of formally updating IPv6 Stateless Address Autoconfiguration (SLAAC) in the hope of mitigating a number of security and privacy issues arising from traditional IPv6 SLAAC (which typically embeds link-layer addresses in the Interface Identifiers), and have already led to changes in the Linux implementation of SLAAC, thanks to the work of Hannes Frederic Sowa and others in NetworkManager and the Linux kernel.
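To make the difference concrete, here is an added example (not code from the RFCs, the Linux kernel or NetworkManager) that derives a traditional modified EUI-64 Interface Identifier from a MAC address, derives an RFC 7217-style opaque one, and checks whether an address gives its MAC away. HMAC-SHA256 as the function F, the field encoding, the MAC, the interface name, the secret and the documentation prefixes are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import ipaddress

LOW64 = (1 << 64) - 1

def eui64_iid(mac):
    """Traditional SLAAC IID (modified EUI-64): flip the U/L bit, insert ff:fe."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return int.from_bytes(bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:], "big")

def opaque_iid(prefix, net_iface, network_id, dad_counter, secret_key):
    """RFC 7217 IID: low 64 bits of F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key)."""
    fields = [ipaddress.ip_network(prefix).network_address.packed,
              net_iface.encode(), network_id.encode(), bytes([dad_counter])]
    # Length-prefix each field so distinct inputs cannot collide (this encoding is an assumption).
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    rid = hmac.new(secret_key, msg, hashlib.sha256).digest()  # F = HMAC-SHA256 (assumption)
    return int.from_bytes(rid[-8:], "big")

def address(prefix, iid):
    """Combine a /64 prefix with a 64-bit Interface Identifier."""
    return ipaddress.IPv6Address(int(ipaddress.ip_network(prefix).network_address) | iid)

def embedded_mac(addr):
    """Return the MAC recoverable from an address, or None if the IID is not EUI-64 shaped."""
    iid = (int(ipaddress.IPv6Address(addr)) & LOW64).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{x:02x}" for x in mac)

if __name__ == "__main__":
    mac, key = "00:11:22:33:44:55", b"constructed-secret"  # constructed sample values
    for prefix in ("2001:db8:1::/64", "2001:db8:2::/64"):
        old = address(prefix, eui64_iid(mac))
        new = address(prefix, opaque_iid(prefix, "eth0", "", 0, key))
        # The EUI-64 IID is identical in both prefixes and reveals the MAC;
        # the opaque IID is stable per prefix but differs between prefixes.
        print(f"{prefix}: eui64={old} (mac={embedded_mac(str(old))}) opaque={new}")
```

Running `embedded_mac` over an inventory of your own hosts' addresses is a quick way to find systems still using the traditional scheme.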

Enough said! -- Please take a look at RFC 7707.