tech-net archive


Re: ndp



Fernando Gont <fernando%gont.com.ar@localhost> writes:

> On 02/18/2013 06:57 AM, Ignatios Souvatzis wrote:
>> On Mon, Feb 18, 2013 at 07:40:58AM +0100,
>> 6bone%6bone.informatik.uni-leipzig.de@localhost wrote:
>>  
>>> Is there a maximum size of the ndp table? How can I determine
>>> the maximum number of entries?
>>>
>>> Currently 'ndp -a | wc -l' reports 1492 entries and I am not sure if
>>> it is a problem or not.
>> 
>> *Currently*, the ndp and the arp table are implemented as part of
>> the routing PATRICIA tree (but have link-level addresses instead of
>> network addresses as next-hop). So there's no limit other
>> than the general routing table limitations. Hm, I think mostly
>> kernel memory limitations.
>
> That is actually a problem: it can be exploited for DoS purposes --
> even a remote address scanning attack might cause that as a side effect.

That may be true of most uses of a routing-table-like structure. I
am inclined to keep mechanisms for limits on entries separate from the
data structure choice, because what I think we want is resilience
against attack and good performance in normal cases.

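As an added illustration of the point discussed in this thread (not code from any of the posters or from NetBSD), the sketch below keeps the entry limits in a small policy layer that is independent of how entries are stored. All names and both limits are hypothetical, and the eviction rule (recycle only unresolved entries, never resolved neighbors) is one assumed policy among several possible ones.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names, constructed limits; the array stands in for any store. */
enum nd_state { ND_FREE, ND_INCOMPLETE, ND_REACHABLE };
struct nd_entry { enum nd_state state; uint64_t stamp; };
#define ND_MAX_ENTRIES    8
#define ND_MAX_INCOMPLETE 3
struct nd_cache { struct nd_entry slot[ND_MAX_ENTRIES]; size_t n_total, n_incomplete; };

/* Entry in state `st` with the smallest stamp, or NULL if there is none. */
static struct nd_entry *nd_oldest(struct nd_cache *c, enum nd_state st)
{
    struct nd_entry *best = NULL;
    for (size_t i = 0; i < ND_MAX_ENTRIES; i++)
        if (c->slot[i].state == st && (!best || c->slot[i].stamp < best->stamp))
            best = &c->slot[i];
    return best;
}

/* New unresolved entry. Over either limit, recycle the oldest unresolved
 * entry; a resolved neighbor is never evicted to make room (NULL instead). */
struct nd_entry *nd_admit(struct nd_cache *c, uint64_t now)
{
    int over = c->n_incomplete >= ND_MAX_INCOMPLETE || c->n_total >= ND_MAX_ENTRIES;
    struct nd_entry *e = nd_oldest(c, over ? ND_INCOMPLETE : ND_FREE);
    if (e == NULL)
        return NULL;
    if (!over) { c->n_total++; c->n_incomplete++; }
    e->state = ND_INCOMPLETE;
    e->stamp = now;
    return e;
}

/* Address resolution succeeded: the entry stops counting as unresolved. */
void nd_confirm(struct nd_cache *c, struct nd_entry *e)
{
    if (e->state == ND_INCOMPLETE) { c->n_incomplete--; e->state = ND_REACHABLE; }
}

/* Constructed scenario: `legit` neighbors resolve, then `probes` scan packets
 * to unused addresses arrive. Returns how many resolved neighbors survive. */
size_t nd_scan_demo(struct nd_cache *c, unsigned legit, unsigned probes)
{
    uint64_t now = 0;
    size_t alive = 0;
    while (legit--) { struct nd_entry *e = nd_admit(c, ++now); if (e) nd_confirm(c, e); }
    while (probes--) nd_admit(c, ++now);
    for (size_t i = 0; i < ND_MAX_ENTRIES; i++) alive += c->slot[i].state == ND_REACHABLE;
    return alive;
}
```

With these limits, a scan of any length can occupy at most `ND_MAX_INCOMPLETE` slots, while lookups for already resolved neighbors are unaffected.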


