* Philip Homburg:

> First, let me make clear that I was thinking about remote attacks.

How would a remote attack work?

> I think that's the most serious problem. If you have malicious hosts
> directly attached you have bigger problems, and you have to use either
> SeND or L2 filtering.

On its own, neither SeND nor L2 filtering prevents any attacks on
neighbor discovery.  You need some sort of layering violation to tie
endpoints to specific addresses, and nothing working exclusively on
layer 2 or the IP layer can achieve that.  Once you can make that
connection, you can also limit the amount of processing power and state
per identified endpoint.  But without that, you have zero chance against
a local attacker.

-- 
Florian Weimer                <fwei...@bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
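
The per-endpoint limit described in the message above, as an added example that is not part of the original post: a toy neighbor cache with one shared limit beside one that caps state per identified endpoint. The endpoint label (a switch port name here), the first-come address binding, the quota values and the traffic are all assumptions constructed for illustration; how the endpoint gets identified is exactly the part the message says layer 2 or IP alone cannot supply.

```python
from collections import OrderedDict, defaultdict


class GlobalCache:
    """Neighbor cache with one shared limit; the oldest entry is evicted when full."""
    def __init__(self, capacity):
        self.capacity = capacity
        self.entries = OrderedDict()          # address -> endpoint that claimed it

    def learn(self, endpoint, address):
        self.entries[address] = endpoint      # any endpoint may overwrite any address
        self.entries.move_to_end(address)
        if len(self.entries) > self.capacity:
            self.entries.popitem(last=False)  # evicts whoever is oldest, attacker or not
        return True


class PerEndpointCache:
    """Cache that ties addresses to an identified endpoint and caps state per endpoint."""
    def __init__(self, quota):
        self.quota = quota
        self.entries = {}                     # address -> endpoint that claimed it
        self.count = defaultdict(int)         # endpoint -> number of entries held

    def learn(self, endpoint, address):
        if address in self.entries:           # assumed policy: first claimant keeps it
            return self.entries[address] == endpoint
        if self.count[endpoint] >= self.quota:
            return False                      # only the noisy endpoint loses out
        self.entries[address] = endpoint
        self.count[endpoint] += 1
        return True


def simulate(cache, flood=1000):
    """Constructed traffic: ports 1-3 claim one address each, port 9 claims `flood`."""
    legit = [(f"port{p}", f"2001:db8::{p}") for p in (1, 2, 3)]
    for endpoint, address in legit:
        cache.learn(endpoint, address)
    for i in range(flood):
        cache.learn("port9", f"2001:db8::bad:{i:x}")
    surviving = sum(1 for ep, addr in legit if cache.entries.get(addr) == ep)
    held_by_port9 = sum(1 for ep in cache.entries.values() if ep == "port9")
    return surviving, held_by_port9


if __name__ == "__main__":
    print("shared limit      :", simulate(GlobalCache(capacity=64)))
    print("per-endpoint quota:", simulate(PerEndpointCache(quota=8)))
```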
