{"draft":"draft-ietf-v6ops-ra-guard-implementation-07","doc_id":"RFC7113","title":"Implementation Advice for IPv6 Router Advertisement Guard (RA-Guard)","authors":["F. Gont"],"format":["ASCII","HTML"],"page_count":"13","pub_status":"INFORMATIONAL","status":"INFORMATIONAL","source":"IPv6 Operations","abstract":"The IPv6 Router Advertisement Guard (RA-Guard) mechanism is commonly\r\nemployed to mitigate attack vectors based on forged ICMPv6 Router\r\nAdvertisement messages.  Many existing IPv6 deployments rely on\r\nRA-Guard as the first line of defense against the aforementioned attack\r\nvectors.  However, some implementations of RA-Guard have been found\r\nto be prone to circumvention by employing IPv6 Extension Headers.\r\nThis document describes the evasion techniques that affect the\r\naforementioned implementations and formally updates RFC 6105, such\r\nthat the aforementioned RA-Guard evasion vectors are eliminated.","pub_date":"February 2014","keywords":[],"obsoletes":[],"obsoleted_by":[],"updates":["RFC6105"],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC7113","errata_url":null}