The purpose of the various exchange and triggering mechanism I describe
in the last section are to enable the approach to be used before one has
upgraded all the hosts on the subnet. With the RS retransmission to
enable reliable discovery by the router, the rest probably become
harmless but unimportant.
Yours,
Joel
On 10/24/2011 9:28 AM, Joel jaeggli wrote:
Sorry meant to actually reply.
I'm curious, essentially what the implications are for interaction
between an existing implimentation in a host, and an nd implimentation
which no longer does discovery.
On 10/24/11 06:21 , Joel jaeggli wrote:
On 10/21/11 07:44 , Joel M. Halpern wrote:
I would like to call people's attention to the draft below.
I would like to hear from folks as to what they think of this complement
to some of the existing work on the ND based denial of service attack.
I do not intend to present this at the WG meeting, as I would like a
chance to hear from folks first.
Yours,
Joel
-------- Original Message --------
Subject: I-D Action: draft-halpern-6man-nddos-mitigation-00.txt
Date: Mon, 17 Oct 2011 14:17:09 -0700
A New Internet-Draft is available from the on-line Internet-Drafts
directories.
Title : Mitigating Neighbor Discovery Based Denial of
Service Attacks
Author(s) : Joel M. Halpern
Filename : draft-halpern-6man-nddos-mitigation-00.txt
Pages : 6
Date : 2011-10-17
It has been observed that with the large space of IPv6 addresses
within a subnet, remote attackers can send packets that saturate a
rotuers ND cache, and potentially saturate a subnet with ND
Soliciation messages as well. Some operational techniques and small
protocol adjustments have been proposed that can help alleviate this
problem. This draft proposes a slightly more drastic optional
behavior for routers, which can nearly eliminate this problem.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-halpern-6man-nddos-mitigation-00.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-halpern-6man-nddos-mitigation-00.txt
_______________________________________________
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------