Re: ndp

To: tech-net%netbsd.org@localhost
Subject: Re: ndp
From: George Michaelson <ggm%pobox.com@localhost>
Date: Wed, 20 Feb 2013 00:52:25 +0000 (UTC)

On Tue, 19 Feb 2013 09:23:44 -0300, Fernando Gont wrote:

> That is actually a problem: it can be exploited for DoS purposes. --
> even a remote address scanning attack might cause that as a side effect.
> 
> Cheers,

I have accidentally participated in an apparent DoS like this, when a 
diagnostic 'is IPv6 working' account I hosted leaked to the wrong /32 and 
an ISP somewhere in South America started to get saturated by a walk 
across their announced space.

I believe there are commercial implementations of switch logic which do 
some kind of ageing out of the ND cache to set limits on growth. Maybe a 
Ptree for this stuff in NetBSD needs a timer, and a background process to 
mark/sweep idle entries.

-G

Follow-Ups:
- Re: ndp
  - From: David Laight
- Re: ndp
  - From: Lloyd Parkes
- Re: ndp
  - From: Lars Schotte

References:
- ndp
  - From: 6bone
- Re: ndp
  - From: Ignatios Souvatzis
- Re: ndp
  - From: Fernando Gont

Prev by Date: 2nd stab at ptree documentation
Next by Date: Re: ndp
Previous by Thread: Re: ndp
Next by Thread: Re: ndp
Indexes:

Home | Main Index | Thread Index | Old Index