On Wed, 3 Aug 2005, Mark Smith wrote:
Hi Greg,
On Wed, 03 Aug 2005 01:48:42 +1000
Greg Daley <[EMAIL PROTECTED]> wrote:
Hi,
<snip>
At the moment there's no security for MLD, but the risk is
limited to link-local addresses which are not vulnerable to
off-link attacks.
Until malware, delivered as an email payload or via a socially
engineered HTTP download, or some other "higher-than-layer-3/4" method
takes advantage of that capability to discover nodes, and then do what
ever it wants to them e.g. DoS them, or "call home" and then act as a
relay betweem the offsite node and these link-local devices etc.
I don't think the "on-link" limitation is all that much of one
unfortunately.
Agree, but we should not destroy this "on-link" limitation...
I'm loath to introduce a more generic function like
this which exposes global IPv6 addresses, unless there is
verifiable trust available to the nodes, before they are
forced to respond.
Agree.
Regards,
Janos Mohacsi
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------