[rfc2462bis issue 276] possible DoS due to the two-hour rule (Re: [2462bis] preferred lifetime and the 'two-hour' rule)



I changed the subject because I believe this is a separate issue.

>>>>> On Thu, 5 Feb 2004 17:40:44 -0800 (PST), 
>>>>> Erik Nordmark <Erik.Nordmark@sun.com> said:

>> This issue was originally posted by Ken Powell in February 2000:

>> I was able to force the preferred lifetime to zero by reconfiguring
>> a router to send advertisements with near-zero lifetimes, but the
>> valid lifetime couldn't be reduced below two hours. 

> Question: did advertising the prefix with both lifetimes = 0 not
> mean that the hosts stopped thinking that the prefix was on-link?

Ahh, another good catch.  RFC2461 clearly says this point:

   Stateless address autoconfiguration [ADDRCONF] may in some
   circumstances increase the Valid Lifetime of a prefix or ignore it
   completely in order to prevent a particular denial of service attack.
   However, since the effect of the same denial of service targeted at
   the on-link prefix list is not catastrophic (hosts would send packets
   to a default router and receive a redirect rather than sending
   packets directly to a neighbor) the Neighbor Discovery protocol does
   not impose such a check on the prefix lifetime values.
(Section 6.3.4)

So, this is actually a non-issue.  And, in fact, I've implemented the
prefix information processing this way, but I totally forgot it...

We may probably want to add a similar note in rfc2462bis, but my
current impression is that the note in RFC2461 is enough.

So, I'll basically do nothing on this.

Thanks,

					JINMEI, Tatuya
					Communication Platform Lab.
					Corporate R&D Center, Toshiba Corp.
					jinmei@isl.rdc.toshiba.co.jp

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
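The asymmetry discussed in the message above, as an added example that is not part of the original post or of either RFC: the address valid lifetime goes through the two-hour rule of RFC 2462 section 5.5.3 e), while the on-link prefix list entry of RFC 2461 section 6.3.4 takes the advertised Valid Lifetime unchecked. Function and field names are hypothetical; the sketch assumes a Prefix Information option with both the A and L flags set, lifetimes in seconds, no time elapsing between advertisements, and it does not model the preferred lifetime.

```python
from dataclasses import dataclass
from typing import Optional

TWO_HOURS = 2 * 60 * 60  # seconds


@dataclass(frozen=True)
class PrefixState:
    """Hypothetical per-prefix host state (names are assumptions)."""
    addr_valid: int              # StoredLifetime of the autoconfigured address
    onlink_timer: Optional[int]  # on-link prefix invalidation timer, None = no entry


def addr_valid_lifetime(stored: int, received: int, authenticated: bool = False) -> int:
    """Two-hour rule for an already configured address (RFC 2462, 5.5.3 e)."""
    if received > TWO_HOURS or received > stored:
        return received                      # case 1: accept the new value
    if stored <= TWO_HOURS and received <= stored:
        # case 2: ignore the option unless the RA was authenticated
        return received if authenticated else stored
    return TWO_HOURS                         # case 3: clamp to two hours


def onlink_timer(received: int) -> Optional[int]:
    """On-link prefix list (RFC 2461, 6.3.4): no lifetime check is imposed."""
    # Zero times out an existing entry at once and never creates a new one.
    return None if received == 0 else received


def process_prefix_info(state: PrefixState, valid: int,
                        authenticated: bool = False) -> PrefixState:
    """Apply one received Valid Lifetime to both pieces of state."""
    return PrefixState(
        addr_valid=addr_valid_lifetime(state.addr_valid, valid, authenticated),
        onlink_timer=onlink_timer(valid),
    )


if __name__ == "__main__":
    # Constructed scenario: one-day lifetimes, then RAs advertising lifetime 0.
    state = PrefixState(addr_valid=86400, onlink_timer=86400)
    for label, auth in (("first RA", False), ("second RA", False), ("authenticated RA", True)):
        state = process_prefix_info(state, valid=0, authenticated=auth)
        print(f"{label}: address valid={state.addr_valid}s, on-link timer={state.onlink_timer}")
```
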



