There’s been rather a lot of talk about RH0, that’s IPv6’s type 0 routing header. Broadly speaking, the header allowed you to list a set of places that the packet should go to before its final destination. In the book we commented that source routing used to be a security hot button in IPv4, when authentication based on source IPv4 address was common and packet filtering was not.
The problems that we were thinking of were discussed at least as far back as the mid 90s, and related to source routing allowing any host on the Internet to impersonate any other host and get the returned packets. Usually someone who is doing IP spoofing is making a blind attack, because the replies to the packets that they sent would not be routed back to them. With source routing, some IP stacks would reverse the route for the returned packets, allowing the attacker to get their hands on the replies. With network services like rlogin being common, this was a big threat.
Some other firewall evasion attacks were also possible with source routed packets, but I think the IP spoofing attacks were most prominent in people’s minds.
It seems that IPv6 source routing has become a security hot button, but for a slightly different reason. As far as I know, no IPv6 stacks ever reversed the route, so the IP spoofing attacks have never been possible. The firewall evasion attacks are still there, which I don’t think surprised anyone. However, the attacks that caused RH0 to make the press are amplification attacks. The attacks were demonstrated by Philippe Biondi and Arnaud Ebalard and a nice summary was written by Geoff Huston.
Interest in amplification attacks has grown since attacks like the smurf attack appeared sometime around 1997 and particularly since denial of service attacks became big news. I’m not sure that amplification attacks were really considered seriously when the original problems with IPv4 source routing were being discussed. I think the full impact of amplification attacks in the modern Internet, particularly with the proliferation of botnets, is yet to be fully understood.
The outcome for IPv6 is that RH0 is now treated as an unknown header by many IPv6 implementations, and will probably be formally retired by the IETF shortly. Other types of routing header (particularly RH2, which is used by Mobile IPv6) should continue to operate normally, as they do not pose the same risks. I think the remaining interesting question is how to design a version of RH0 which is both safe and useful.
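To make "treated as an unknown header" concrete, here is an added example (my own code, not from the post or from any IPv6 stack) that walks the extension header chain of a raw IPv6 packet, picks out routing headers, and applies the rule RFC 2460 gives for an unrecognized routing type: ignore the header if Segments Left is zero, otherwise discard the packet. RH2 is passed through untouched, which is the distinction the paragraph above draws. The packets are constructed in the block itself, using placeholder addresses from the 2001:db8::/32 documentation range; the `build_packet` helper is an assumption for the example only and is not a real API.

```python
"""Walk IPv6 extension headers and apply the 'unknown routing type' rule to RH0.

Added example, not from the original post. Packets and addresses below are
constructed for the demonstration (2001:db8::/32 is a documentation prefix).
"""
import ipaddress
import struct

IPV6_HDR_LEN = 40
# Next Header values for the extension headers we know how to skip over.
NH_HOPOPT, NH_ROUTING, NH_FRAG, NH_DSTOPT, NH_NONXT = 0, 43, 44, 60, 59
EXT_HEADERS = {NH_HOPOPT, NH_ROUTING, NH_FRAG, NH_DSTOPT}


def build_packet(src, dst, routing_type=None, hops=(), segments_left=None):
    """Construct a minimal IPv6 packet, optionally carrying one routing header.

    Routing header layout (shared by RH0 and RH2): Next Header, Hdr Ext Len
    (8-octet units, not counting the first 8 bytes), Routing Type,
    Segments Left, 4 reserved bytes, then 16-byte addresses.
    """
    if routing_type is None:
        ext, next_header = b"", NH_NONXT
    else:
        addr_bytes = b"".join(ipaddress.IPv6Address(h).packed for h in hops)
        if segments_left is None:
            segments_left = len(hops)
        # Each address is 16 bytes = two 8-octet units of Hdr Ext Len.
        ext = struct.pack("!BBBB", NH_NONXT, 2 * len(hops), routing_type, segments_left)
        ext += b"\x00" * 4 + addr_bytes
        next_header = NH_ROUTING
    # Version 6 in the top nibble, zero traffic class / flow label, hop limit 64.
    hdr = struct.pack("!IHBB", 0x60000000, len(ext), next_header, 64)
    hdr += ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    return hdr + ext


def routing_headers(pkt):
    """Yield (routing_type, segments_left, addresses) for each routing header."""
    nh = pkt[6]            # Next Header field of the fixed IPv6 header
    off = IPV6_HDR_LEN
    while nh in EXT_HEADERS and off + 8 <= len(pkt):
        # Fragment header is always 8 bytes; the others carry Hdr Ext Len.
        ext_len = 8 if nh == NH_FRAG else (pkt[off + 1] + 1) * 8
        if nh == NH_ROUTING:
            rtype, segs = pkt[off + 2], pkt[off + 3]
            addrs = []
            if rtype in (0, 2):   # both types list addresses after 4 reserved bytes
                for i in range(8, ext_len, 16):
                    chunk = pkt[off + i:off + i + 16]
                    if len(chunk) == 16:
                        addrs.append(str(ipaddress.IPv6Address(chunk)))
            yield rtype, segs, addrs
        nh = pkt[off]          # chain to the next header
        off += ext_len


def rh0_verdict(pkt):
    """Apply the RFC 2460 unrecognized-routing-type rule to RH0 only.

    Segments Left == 0: ignore the header and keep processing ('ignore').
    Segments Left  > 0: discard the packet ('discard'); a real stack would
    also send an ICMPv6 Parameter Problem. Anything else is 'accept'.
    """
    seen_idle_rh0 = False
    for rtype, segs, _ in routing_headers(pkt):
        if rtype == 0:
            if segs > 0:
                return "discard"
            seen_idle_rh0 = True
    return "ignore" if seen_idle_rh0 else "accept"


if __name__ == "__main__":
    samples = {
        "no routing header": build_packet("2001:db8::1", "2001:db8::2"),
        "RH0, 2 hops left": build_packet("2001:db8::1", "2001:db8::2", 0,
                                         ["2001:db8::a", "2001:db8::b"]),
        "RH0, 0 hops left": build_packet("2001:db8::1", "2001:db8::2", 0,
                                         ["2001:db8::a"], segments_left=0),
        "RH2 (Mobile IPv6)": build_packet("2001:db8::1", "2001:db8::2", 2,
                                          ["2001:db8::c"], segments_left=1),
    }
    for name, pkt in samples.items():
        print(f"{name:20s} -> {rh0_verdict(pkt)}")
```

The parser only follows the four extension headers it knows the length rule for, so an ESP or AH header ends the walk rather than being misread; a production filter would need to handle those too, but the RH0 rule itself is just the four lines in `rh0_verdict`.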