Thanks for all the replies - the check goes in. >From a MIB perspective, I guess those should count as "ipv6IfStatsInHdrErrors".
Regards, -- Nir Arad ----- Original Message ----- From: "Christian Huitema" <[EMAIL PROTECTED]> To: "Ignatios Souvatzis" <[EMAIL PROTECTED]> Cc: "IPng mailing list" <[EMAIL PROTECTED]> Sent: Tuesday, July 29, 2003 10:23 PM Subject: RE: IPv6 -> MAC multicast address mapping > > I can't think of a way this is a security problem - can you point this > out > > please? With the exception that a DOS might be mounted by sending > packets > > to the wrong MAC address that are later discarded... But you'll have > to > > stop them at the source, not at the receivers, to prevent the DOS. > > There is a class of attacks based on mismatches between MAC and IP > addressing. For example, if a node is a member of an IP group, it is > possible to send it a packet where the MAC destination is the unicast > MAC address of the node, while the IP destination is the group address. > Or vice versa, send a packet where the MAC destination is a multicast > address, but the IP destination is a unicast address. Hackers can use > the first technique to disrupt the operation of multicast groups, and > the second one to mount some forms of denial of service attacks. These > attacks require that the attacker be connected on the same link as a > target, but there are cases such as public access wireless where this > isn't much of a mitigation. (University dorms are also a great place for > such attacks.) > > -- Christian Huitema > > > -------------------------------------------------------------------- > IETF IPng Working Group Mailing List > IPng Home Page: http://playground.sun.com/ipng > FTP archive: ftp://playground.sun.com/pub/ipng > Direct all administrative requests to [EMAIL PROTECTED] > -------------------------------------------------------------------- > -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
