Re: Comments on draft-jinmei-ipv6-rfc2462bis-00.txt

[Pekka Savola <pekkas@netcore.fi>]

On Wed, 12 Nov 2003, Christian Huitema wrote:
> The section "5.4.5 When Duplicate Address Detection Fails" currently
> says:
> 
>    A tentative address that is determined to be a duplicate as described
>    above, MUST NOT be assigned to an interface and the node SHOULD log a
>    system management error.  If the address is a link-local address
>    formed from an interface identifier, the interface SHOULD be
>    disabled.
> 
> The part about disabling the interface enables a DOS attack: wait for a
> target to come on line and send a DAD packet, reply with a deliberate
> collision, and poof the target is disconnected from the network. 

Unless you haven't noted from SEND work, if you have access to the local
link, you can do pretty much everything anyway, so this is really not big 
news.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings


--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------