Right. This is not a clean solution, but the only one that came to my mind, as
it does not disable the check completely.
If desired, an option for disabling the check completely could be an addition.
Not that I have a better suggestion than yours, but I don't like
whitelisting at the ip
Wasn't this check introduced as mitigation of CVE-2008-2476 five years ago?
E.g. http://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/001_ndp.patch
Am 07.05.2013 um 18:26 schrieb Stefan Sperling s...@openbsd.org:
On Tue, May 07, 2013 at 04:48:41PM +0200, Janne Johansson wrote:
this patch
Maby something along the lines of the 'nd6_onlink_ns_rfc4861' sysctl
flag mentioned at
http://www.freebsd.org/security/advisories/FreeBSD-SA-08:10.nd6.asc
could be used for the odd cases where it's needed?
This is an all-or-nothing approach. What about the option to provide the
known-good
3 matches
Mail list logo