Itojun,

> 
>       ICMPv6 redirect has similar issue as ICMPv6 too big, and we can remedy
>       the problem by using similar "upper limit" technique.  could you please
>       give some more detail with parameter problem?
> 

I am not sure how ICMPv6 redirects could be used in such a DoS attack unless
the attacker was willing to be caught.  Because redirects can't be forwarded
from off-link (the hop limit must be 255 when received) there is no way for
an attacker to mount a redirect-based attack unless the attacking system
is on the same link as the target.

The requirement that all ND/RD messages be received with a hop limit of
255 is the only thing that makes it possible for ND to be minimally safe from
DoS attacks in the absence of real AH-based authentication.

Absent that requirement there are many DoS attacks that can be mounted using
any of the ND/RD messages.



tim
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
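
The receive-side hop-limit check discussed in the message above, as an added example that is not part of the original post or of any implementation it refers to. The names `nd_check`, `make_pkt` and the verdict enum are hypothetical, the packets are constructed, and the sketch assumes the ICMPv6 header directly follows the fixed IPv6 header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IPV6_HDR_LEN    40
#define NEXT_HDR_ICMPV6 58
#define ND_TYPE_FIRST   133   /* Router Solicitation */
#define ND_TYPE_LAST    137   /* Redirect */

enum nd_verdict { ND_NOT_ND, ND_ACCEPT, ND_DROP_HOPLIMIT, ND_DROP_MALFORMED };

/* Classify one raw IPv6 packet. Assumption: ICMPv6 directly follows the
 * fixed header (extension headers are not walked in this sketch). */
enum nd_verdict nd_check(const uint8_t *pkt, size_t len)
{
    if (len < IPV6_HDR_LEN || (pkt[0] >> 4) != 6)
        return ND_DROP_MALFORMED;
    if (pkt[6] != NEXT_HDR_ICMPV6)
        return ND_NOT_ND;
    if (len < IPV6_HDR_LEN + 4)           /* type, code, checksum */
        return ND_DROP_MALFORMED;
    uint8_t type = pkt[IPV6_HDR_LEN];
    if (type < ND_TYPE_FIRST || type > ND_TYPE_LAST)
        return ND_NOT_ND;                 /* e.g. echo, packet too big */
    /* Every router decrements the hop limit when forwarding, so a value
     * of 255 on receipt means the packet was not forwarded. */
    if (pkt[7] != 255)
        return ND_DROP_HOPLIMIT;
    return ND_ACCEPT;
}

/* Build a constructed 48-byte packet: IPv6 header + 8 bytes of ICMPv6. */
static void make_pkt(uint8_t buf[48], uint8_t hop_limit, uint8_t icmp_type)
{
    memset(buf, 0, 48);
    buf[0] = 0x60;                        /* version 6 */
    buf[5] = 8;                           /* payload length */
    buf[6] = NEXT_HDR_ICMPV6;
    buf[7] = hop_limit;
    buf[IPV6_HDR_LEN] = icmp_type;
}

int main(void)
{
    uint8_t p[48];
    make_pkt(p, 255, 137); printf("redirect hl=255 -> %d\n", nd_check(p, sizeof p));
    make_pkt(p, 254, 137); printf("redirect hl=254 -> %d\n", nd_check(p, sizeof p));
}
```

The check only establishes that the sender is on-link; it does not authenticate which on-link node sent the message.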
