Hi,

Here is a new version of my "Stateless ND" draft, although a significant amount 
of it has changed.

During an off-list discussion with Ray Hunter, I came to realise that calling it 
"Stateless ND" was too general, as it implied that all of the ND functions were 
being made stateless. I realised that what I was actually describing was making 
the discovery of the presence of neighbors (which I've called "Neighbor 
Presence Discovery") stateless when an ND DoS Attack appeared to be occurring. 
Consequently I needed to rewrite a fair bit of the text describing the problem.

The other changes are -

    o  don't ignore Neighbor Advertisements that may be part of a
       previous stateful neighbor discovery transaction
 
    o  use a count down timer to allow outstanding SLNPD transactions to
       complete
 
    o  mention issues regarding trusting packet attributes

My thanks to the reviewers. Further review welcome and appreciated.

Regards,
Mark.


----- Forwarded Message -----
> From: "internet-dra...@ietf.org" <internet-dra...@ietf.org>
> To: markzzzsm...@yahoo.com.au
> Cc: 
> Sent: Thursday, 21 February 2013 6:14 AM
> Subject: New Version Notification for draft-smith-6man-mitigate-nd-cache-dos-slnd-06.txt
> 
> 
> A new version of I-D, draft-smith-6man-mitigate-nd-cache-dos-slnd-06.txt
> has been successfully submitted by Mark Smith and posted to the
> IETF repository.
> 
> Filename:        draft-smith-6man-mitigate-nd-cache-dos-slnd
> Revision:        06
> Title:           Mitigating IPv6 Neighbor Discovery DoS Attack Using Stateless Neighbor Presence Discovery
> Creation date:   2013-02-20
> Group:           Individual Submission
> Number of pages: 14
> URL:             http://www.ietf.org/internet-drafts/draft-smith-6man-mitigate-nd-cache-dos-slnd-06.txt
> Status:          http://datatracker.ietf.org/doc/draft-smith-6man-mitigate-nd-cache-dos-slnd
> Htmlized:        http://tools.ietf.org/html/draft-smith-6man-mitigate-nd-cache-dos-slnd-06
> Diff:            http://www.ietf.org/rfcdiff?url2=draft-smith-6man-mitigate-nd-cache-dos-slnd-06
> 
> Abstract:
>    One of the functions of IPv6 Neighbor Discovery is to discover
>    whether a specified neighbor is present.  During the neighbor
>    presence discovery process state is created.  A node's capacity for
>    this state can be intentionally exhausted to perform a denial of
>    service attack, known as the "Neighbor Discovery DoS Attack".  This
>    memo proposes a stateless form of neighbor presence discovery to
>    prevent this Neighbor Discovery DoS Attack.
> 
> The IETF Secretariat
> 
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
