1. Introduction

[RFC 2460] defines an IPv6 extension header called "Routing Header", identified by a Next Header value of 43 in the immediately preceding header. A particular Routing Header subtype denoted as "Type 0" is also defined. Type 0 Routing Headers are referred to as "RH0" in this document.

A single RH0 may contain multiple intermediate node addresses, and the same address may be included more than once in the same RH0. This allows a packet to be constructed such that it will oscillate between two RH0-processing hosts or routers many times. This allows a remote attacker to use the IPv6 source routing mechanism to cause traffic to be amplified over a remote path, potentially generating significant denial-of-service traffic.

This attack is particularly serious in that it affects the entire path between the two nodes, not only the two nodes themselves.

The severity of this attack and the ease with which it can be carried out make it necessary to deprecate RH0 entirely. This document updates [RFC 2460] and [RFC 4294] accordingly.