IPv6 Maintenance J. Li Internet-Draft J. Fu Intended status: Standards Track X. Li Expires: January 14, 2021 Y. Cheng China Mobile July 13, 2020 IPv6 hosts detection draft-li-6man-6hosts-detection-00 Abstract The management of hosts and risks is important for enterprises that have large scale IP space. For IPv4, it won't take too long even to scan the entire Internet address space. For IPv6, further consideration is needed. A narrow range of IPv6 address is preferred for scanning. And in order to shorten the time for IPv6 scanning, a very specific IPv6 address list is highly needed. This document proposes a solution to solve the problem. At first, append the information of the collection point address to the Router Advertisement packet sent by the router, and announce this address information to all nodes in the subnet. Then, each host node report its own IPv6 address information to the designated collection point by using Echo Reply message. After that, the corresponding collection point device should save these information. In this way, online IPv6 address information in the current network can be quickly collected on the collection point device. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119][RFC8174]. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any Li, et al. Expires January 14, 2021 [Page 1] Internet-Draft 6hosts detection July 2020 time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on January 14, 2021. Copyright Notice Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Message Formats . . . . . . . . . . . . . . . . . . . . . . . 3 3.1. Router Advertisement Option Formats . . . . . . . . . . . 3 3.2. Echo Reply Message Format . . . . . . . . . . . . . . . . 4 4. Online Address Collection . . . . . . . . . . . . . . . . . . 5 4.1. Router Specification . . . . . . . . . . . . . . . . . . 5 4.1.1. Router Configuration Variables . . . . . . . . . . . 5 4.1.2. Router Advertisement Message Content . . . . . . . . 6 4.2. Host Specification . . . . . . . . . . . . . . . . . . . 6 4.2.1. Processing Received Router Advertisements and Sending Echo Reply . . . . . . . . . . . . . . . . . . . . . 6 4.3. Collection Point Specification . . . . . . . . . . . . . 7 5. Security Considerations . . . . . . . . . . . . . . . . . . . 7 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 7.1. Normative References . . . . . . . . . . . . . . . . . . 7 7.2. Informative References . . . . . . . . . . . . . . . . . 8 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 1. Introduction IP scanning is widely used in cybersecurity to find out online hosts and detect risks. Detection for online IPv6 hosts quickly and effectively is much more complicated than IPv4. Complications arise both from IPv6's address assignment features, e.g., stateless address Li, et al. Expires January 14, 2021 [Page 2] Internet-Draft 6hosts detection July 2020 autoconfiguration (SLAAC, [RFC4862]), and from the large scale IP space. The management of IPv6 hosts is difficult. This document proposes a solution to shorten the time to scan IPv6. 2. Terminology This document uses the terminology defined in [[RFC4443]] and [[RFC4861]]. Host - any node that is not a router. Router - a node that forwards IP packets not explicitly addressed to itself. Node - a device that implements IP. In addition, there is a new term that is defined below. Collection Point - a device with a global IPv6 address that can store information. 3. Message Formats 3.1. Router Advertisement Option Formats Li, et al. Expires January 14, 2021 [Page 3] Internet-Draft 6hosts detection July 2020 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Valid Lifetime | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + Collection Point Address + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Fields: Type 39. It is 8-bit identifier of the Collection Point option type. Length 3. Reserved This field is unused. It MUST be initialized to zero by the sender and MUST be ignored by the receiver. Valid Lifetime 32-bit unsigned integer. The length of time in seconds (relative to the time the packet is sent) that the address is valid for the purpose of on-link determination. A value of all one bits (0xffffffff) represents infinity. Collection Point Address A 128-bit IPv6 address of the Collection Point. 3.2. Echo Reply Message Format Li, et al. Expires January 14, 2021 [Page 4] Internet-Draft 6hosts detection July 2020 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Code | Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Identifier | Squence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Data ... +-+-+-+-+-+-+-+ IPv6 Fields: Destination Address A 128-bit IPv6 address of the Collection Point. ICMPv6 Fields: Type 129 Code 0 Identifier 0xffff Sequence Number 1 Data Special tag content is set. The default value is COLLECTION ONLY 4. Online Address Collection 4.1. Router Specification 4.1.1. Router Configuration Variables AdvCollectionPoint A global IPv6 address to be placed in Collection Point Information options in Router Advertisement messages sent from the interface. Default: all Collection Point that the router advertises via routing protocols as being on-link for the interface from which the advertisement is sent. The link-local address SHOULD NOT be included in the list of advertised address. Each Collection Point has an associated: AdvValidLifetime The value to be placed in the Valid Lifetime in the Collection Point Information option, in seconds. The designated value of all 1's (0xffffffff) represents infinity. Li, et al. Expires January 14, 2021 [Page 5] Internet-Draft 6hosts detection July 2020 Implementations MAY allow AdvValidLifetime to be specified in two ways: - a time that decrements in real time, that is, one that will result in a Lifetime of zero at the specified time in the future, or - a fixed time that stays the same in consecutive advertisements. Default: 2592000 seconds (30 days), fixed(i.e., stays the same in consecutive advertisements). 4.1.2. Router Advertisement Message Content The details of the technical part of Router Advertisement of the router are the same as the relevant provisions in RFC 4861. When there is a Collection Point Address in the router, the router should carry the content information of Collection Point Address in the option of the Router Advertisement Message, with the message format given in Section 3.1. 4.2. Host Specification 4.2.1. Processing Received Router Advertisements and Sending Echo Reply When a host receives the Router Advertisement sent by the router, and finds that there is the information of Collection Point Address in the Router Advertisement, the host delays a random time, and then an Echo Reply should be sent to Collection Point. The specific information of the Echo Reply packet is as follows. The destination address is the Collection Point Address, and the source address is the global unicast address of the host. The Data in the Echo Reply packet contains special tag content, which is COLLECTION ONLY defined in Section 3.2. The frequency of the Echo Reply packet sent by the host is the same as the frequency of receiving valid Router Advertisement packets which contains the information of Collection Point Address When the host interface is used as a router in any other network, the device needs to transfer the information of Collection Point Address received by the host to its AdvCollectionPoint parameter as a router node Li, et al. Expires January 14, 2021 [Page 6] Internet-Draft 6hosts detection July 2020 4.3. Collection Point Specification When the Collection Point receives an Echo Reply packet while it doesn't actively send any Echo Request packet, it should extract the source address of this Echo Reply packet, which should be a global unicast address. And save the source address by attaching the current system timestamp. 5. Security Considerations Because RAs are required in all IPv6 configuration scenarios, on IPv6-only networks, RAs must already be secured -- e.g., by deploying an RA-Guard [[RFC6105]]. Providing all configuration in RAs reduces the attack surface to be targeted by malicious attackers trying to provide hosts with invalid configuration, as compared to distributing the configuration through multiple different mechanisms that need to be secured independently. Connectivity to destinations reachable over IPv6 would not be impacted just by providing a host with an incorrect Collection Point address; however, if attackers are capable of sending rogue RAs, they can perform denial-of-service or man-in-the-middle attacks, as described in [[RFC6104]]. 6. IANA Considerations IANA has assigned a new IPv6 Neighbor Discovery Option type for the Collection Point option defined in this document in the "IPv6 Neighbor Discovery Option Formats" registry [IANA]. +-------------------------+------+ | Description | Type | +=========================+======+ | Collection Point option | 39 | +-------------------------+------+ Table 1: New IANA Registry Assignment 7. References 7.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . Li, et al. Expires January 14, 2021 [Page 7] Internet-Draft 6hosts detection July 2020 [RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification", STD 89, RFC 4443, DOI 10.17487/RFC4443, March 2006, . [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, DOI 10.17487/RFC4861, September 2007, . [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . 7.2. Informative References [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless Address Autoconfiguration", RFC 4862, DOI 10.17487/RFC4862, September 2007, . [RFC6104] Chown, T. and S. Venaas, "Rogue IPv6 Router Advertisement Problem Statement", RFC 6104, DOI 10.17487/RFC6104, February 2011, . [RFC6105] Levy-Abegnoli, E., Van de Velde, G., Popoviciu, C., and J. Mohacsi, "IPv6 Router Advertisement Guard", RFC 6105, DOI 10.17487/RFC6105, February 2011, . Authors' Addresses Jiang Li China Mobile Beijing 100053 China Email: lijiang@chinamobile.com Jun Fu China Mobile Beijing 100053 China Email: fujun@chinamobile.com Li, et al. Expires January 14, 2021 [Page 8] Internet-Draft 6hosts detection July 2020 Xiaoxiao Li China Mobile Beijing 100053 China Email: lixiaoxiao@chinamobile.com Yexia Cheng China Mobile Beijing 100053 China Email: chengyexia@chinamobile.com Li, et al. Expires January 14, 2021 [Page 9]