Hi Dusan,
It is not clear to me where the denial of service occurs. This is
just a configuration error on the router (to have such small lifetimes).
NOTE: RFC2462 has been obsoleted by RFC4862.
Cheers
Suresh
On 10-02-02 12:37 PM, Dusan Mudric wrote:
Hi,
Is there a mechanism to protect against a denial of service attack using
prefixes with very small Valid Lifetimes? RFC 2462, section 5.5.3 e)
talks about it but does not seam to cover the scenario where:
1) A user defines a small Preferred and Valid Lifetimes
(i.e., 10sec and 15sec), and
2) The initial Router Advertisement message has very small
Preferred and Valid Lifetimes for a Prefix, and
3) The received Lifetime is equal to Stored Lifetime.
With the small lifetime, address expires quickly and is created soon
after. Applications using this address go up and down periodically and
get into trouble.
Have this issue already been addressed?
Regards,
Duan Mudric'
Software Architect
Avaya
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------