2010/2/2 Dusan Mudric <dmud...@avaya.com>: > Hi, > > Is there a mechanism to protect against a denial of service attack using > prefixes with very small Valid Lifetimes? RFC 2462, section 5.5.3 e) talks > about it but does not seam to cover the scenario where: > > 1) A user defines a small Preferred and Valid Lifetimes (i.e., 10sec and > 15sec), and > > 2) The initial Router Advertisement message has very small Preferred and > Valid Lifetimes for a Prefix, and > > 3) The received Lifetime is equal to Stored Lifetime.
This sounds like privacy addresses, only on a shorter timescale. > > With the small lifetime, address expires quickly and is created soon after. > Applications using this address go up and down periodically and get into > trouble. do you mean: o attack on the router o client side changes, so the server can't block the user's IP, since it's changing 'rapidly' o server side changes, so the server has to track also dns updates such that the remote users/clients can continue to find the server reliably your problem statement is a tad vague. -chris > Have this issue already been addressed? > > Regards, > > Dušan Mudrić > > Software Architect > > Avaya > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- > > -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
