On 01/28/10 04:16 AM, Joakim Aronius wrote:
* Erik Nordmark (erik.nordm...@sun.com) wrote:
Note that the RSs don't list all the hosts' IP addresses - the
source is a link-local address. Thus the logic in the router needs
to be able to compare just N low order bits. If a RS has been sent
from
A quick thought on one of your points, before I go to bed :-)
On Thu, 28 Jan 2010 04:34:11 -0800
Erik Nordmark erik.nordm...@sun.com wrote:
On 01/28/10 03:49 AM, Mark Smith wrote:
Just to ensure we're on the same page, this checking of known Solicited
Node addresses would only be
* Erik Nordmark (erik.nordm...@sun.com) wrote:
Note that the RSs don't list all the hosts' IP addresses - the
source is a link-local address. Thus the logic in the router needs
to be able to compare just N low order bits. If a RS has been sent
from link local fe80::0:1:2:3 then the router
On 01/28/10 04:53 AM, Mark Smith wrote:
Setting maximums for the incomplete neighbor cache entry was my
first thought. The drawback I'd be concerned about is that if that
limit is e.g. 1000, and an attacker fills it up, then subsequent
legitimate requests get dropped. I'm hoping we can come
Hi Mark,
Just a quick note. If I understand your problem correctly, I'd suggest reading
the following paper as it describes a mechanism to mitigate the ND DoS attack
launched from outside:
http://planete.inrialpes.fr/%7Eccastel/PAPERS/infocom05.pdf
Regards,
Wassim H.
On Jan 27, 2010, at
Mark,
On Jan 27, 2010, at 00:44 MST, Mark Smith wrote:
Hi,
There have been a few discussions on a few operational mailing lists in
the last few weeks about the use of longer than /64s on point-to-point
links.
One valid reason to do so is to mitigate a Neighbor Discovery DoS,
initiated
Hi,
There have been a few discussions on a few operational mailing lists in
the last few weeks about the use of longer than /64s on point-to-point
links.
One valid reason to do so is to mitigate a Neighbor Discovery DoS,
initiated by off-link sources sending traffic to incrementing