
Re: [savi] Links with both SAVI-capable and legacy switches



Guang Yao wrote:

Many kinds of attacks can be designed in this situation. For instance,
send spoofed NAs to prevent other hosts behind SAVI devices from getting
stateless addresses.

I don't agree.  The attack you mention is impossible if SAVI devices
drop NA packets for which the target address has no corresponding
binding -- as I described in an earlier email.  It is irrelevant whether
the attacker is the only node on its SAVI switch port, or whether the
attacker is on a link segment that connects to a SAVI switch port via
legacy switches.

- Christian
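
The drop rule described in the message above, sketched as an added example that is not part of the original email or of any SAVI implementation. It assumes a binding table that maps each bound IPv6 address to a switch port; the names `na_target`, `savi_na_verdict` and `build_na`, the additional check that the binding sits on the ingress port, and the sample addresses are constructed for illustration.

```python
import ipaddress
import struct

ICMPV6_NA = 136   # Neighbor Advertisement message type (RFC 4861)
NA_MIN_LEN = 24   # type, code, checksum, flags/reserved, 16-byte target


def na_target(icmpv6: bytes):
    """Return the Target Address of an NA, or None if it is malformed."""
    if len(icmpv6) < NA_MIN_LEN:
        return None
    msg_type, code, _cksum, _flags = struct.unpack("!BBHI", icmpv6[:8])
    if msg_type != ICMPV6_NA or code != 0:
        return None
    return ipaddress.IPv6Address(icmpv6[8:24])


def savi_na_verdict(bindings, ingress_port, icmpv6: bytes) -> str:
    """Verdict for one ICMPv6 message arriving on ingress_port.

    bindings: dict IPv6Address -> port (assumed binding-table layout).
    """
    if not icmpv6 or icmpv6[0] != ICMPV6_NA:
        return "not-na"          # left to the device's other rules
    target = na_target(icmpv6)
    if target is None:
        return "drop"            # truncated NA or non-zero code
    # No binding for the target (or, by assumption, a binding anchored
    # to a different port) means the NA is never forwarded. Nothing here
    # depends on how many nodes or legacy switches sit behind the port.
    if bindings.get(target) != ingress_port:
        return "drop"
    return "forward"


def build_na(target: str, flags: int = 0x20000000) -> bytes:
    """Constructed sample NA (Override flag set, checksum left at 0)."""
    header = struct.pack("!BBHI", ICMPV6_NA, 0, 0, flags)
    return header + ipaddress.IPv6Address(target).packed


# Constructed binding table: one bound address on port 1.
BINDINGS = {ipaddress.IPv6Address("2001:db8::10"): 1}

if __name__ == "__main__":
    # NA claiming an address with no binding, sent from port 2.
    print(savi_na_verdict(BINDINGS, 2, build_na("2001:db8::99")))
    # NA from the bound host on its own port.
    print(savi_na_verdict(BINDINGS, 1, build_na("2001:db8::10")))
```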



Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.