I would like to get clarification on section 5.5.3 (e): what is supposed
to happen with the preferred lifetime? Do the two hour checks apply to
it too? [if not, then DOS can force all addresses into deprecated
state].

However, I have some doubts whether this two-hour rule gives any
protection against DOS attacks. Anyone can read the RFC, and note:
"Ok, that won't work, but let's try some other things...", like

 fake a number of RA's from same or different routers, with *LOTS* of
 different prefixes

=> Either the target node runs out of memory or, if there is an upper
   limit of prefixes (like I have), they overwrite existing valid ones
   or prevent new ones from being entered. Any ideas how to prevent
   this?

Perhaps one should only rely that the "official" routers monitor the
RA's and raise an alarm, if they see unknown routers or inconsistent
information? Anyone trying to DOS from the local net would quickly be
caught? 

Of course, there is the IPSEC, but...

 seems that only manual SA's will work (can't run IKE for this). (For
 RA's, a single unidirectional SA with DST=allnodes multicast would do
 the trick, SA wouldn't need the src address either, the same could be
 used by all routers).

=> the keys must be widely known so that valid users can install their
   machines on the net. Not too secure, but I suppose better than
   nothing.

After RA's are passing securely, things get easier, because you can
start using IKE in some cases. It's a kind of bootstrapping process
that needs to be designed...?
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
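
The first question in the message above, modelled as an added example (not part of the original post and not code from the RFC): it applies the two-hour rule to the valid lifetime and shows both readings of what happens to the preferred lifetime. It assumes the section cited is 5.5.3 (e) of RFC 2462; the names `Address`, `update_valid`, `process_prefix_option` and the `guard_preferred` switch are hypothetical.

```python
# Added illustration; structure and names are assumptions, not RFC text.
from dataclasses import dataclass

TWO_HOURS = 2 * 60 * 60  # seconds


@dataclass
class Address:
    valid_remaining: int      # seconds until the address becomes invalid
    preferred_remaining: int  # seconds until the address becomes deprecated


def update_valid(stored: int, received: int, authenticated: bool = False) -> int:
    """Two-hour rule for the lifetime of an already configured address."""
    if received > TWO_HOURS or received > stored:
        return received                      # case 1: accept the advertised value
    if stored <= TWO_HOURS and received <= stored:
        # case 2: ignore the option unless the RA was authenticated
        return received if authenticated else stored
    return TWO_HOURS                         # case 3: clamp to two hours


def process_prefix_option(addr: Address, valid: int, preferred: int,
                          authenticated: bool = False,
                          guard_preferred: bool = False) -> Address:
    """Apply one Prefix Information option to an existing address.

    guard_preferred=False: the preferred lifetime is copied from the RA
    (the reading the post worries about).
    guard_preferred=True: hypothetical reading where the same two-hour
    check is applied to the preferred lifetime as well.
    """
    new_valid = update_valid(addr.valid_remaining, valid, authenticated)
    if guard_preferred:
        new_pref = update_valid(addr.preferred_remaining, preferred, authenticated)
    else:
        new_pref = preferred
    # The preferred lifetime can never outlast the valid lifetime.
    return Address(new_valid, min(new_pref, new_valid))


def is_deprecated(addr: Address) -> bool:
    return addr.preferred_remaining == 0


if __name__ == "__main__":
    current = Address(valid_remaining=30 * 86400, preferred_remaining=7 * 86400)
    # Constructed sample: an unauthenticated RA advertising both lifetimes as 0.
    for guard in (False, True):
        result = process_prefix_option(current, 0, 0, guard_preferred=guard)
        print(guard, result, "deprecated" if is_deprecated(result) else "preferred")
```

With the guard off, the address keeps two hours of validity but is deprecated at once; with it on, both lifetimes are held at two hours.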
