tech-net archive


Re: ndp



On Tue, 19 Feb 2013 09:23:44 -0300, Fernando Gont wrote:

> That is actually a problem: it can be exploited for DoS purposes. --
> even a remote address scanning attack might cause that as a side effect.
> 
> Cheers,

I have accidentally participated in an apparent DoS like this, when a 
diagnostic 'is IPv6 working' account I hosted leaked to the wrong /32 and 
an ISP somewhere in South America started to get saturated by a walk 
across their announced space.

I believe there are commercial implementations of switch logic which do 
some kind of ageing out of the ND cache to set limits on growth. Maybe a 
Ptree for this stuff in NetBSD needs a timer, and a background process to 
mark/sweep idle entries.

-G
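
One way to implement the timer plus mark/sweep ageing suggested above, with a hard limit on growth. This is an added example, not code from the original message or from NetBSD. It assumes a small fixed array in place of a Ptree; ND_MAX, nd_lookup_create and nd_sweep are hypothetical names, and the addresses are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ND_MAX 8                        /* constructed hard limit on cache growth */
enum nd_state { ND_FREE, ND_INCOMPLETE, ND_REACHABLE };
struct nd_entry {
    uint8_t addr[16];                   /* IPv6 neighbour address */
    enum nd_state state;
    int marked;                         /* set on every use, cleared by the sweeper */
};
static struct nd_entry nd_cache[ND_MAX];

/* Find addr, or create an INCOMPLETE entry for it. NULL once the limit is hit. */
struct nd_entry *nd_lookup_create(const uint8_t addr[16]) {
    struct nd_entry *slot = NULL;
    for (int i = 0; i < ND_MAX; i++) {
        struct nd_entry *e = &nd_cache[i];
        if (e->state == ND_FREE) {
            if (slot == NULL) slot = e; /* remember the first free slot */
        } else if (memcmp(e->addr, addr, 16) == 0) {
            e->marked = 1;              /* mark: this neighbour is in use */
            return e;
        }
    }
    if (slot == NULL) return NULL;      /* full: refuse to grow, keep live entries */
    memcpy(slot->addr, addr, 16);
    slot->state = ND_INCOMPLETE; slot->marked = 1;
    return slot;
}

/* Timer callback: free every entry not used since the previous sweep. */
int nd_sweep(void) {
    int freed = 0;
    for (int i = 0; i < ND_MAX; i++) {
        struct nd_entry *e = &nd_cache[i];
        if (e->state == ND_FREE) continue;
        if (e->marked) { e->marked = 0; continue; }  /* used recently: keep one more period */
        e->state = ND_FREE; freed++;                 /* idle for a whole period: reclaim */
    }
    return freed;
}

int main(void) {
    uint8_t a[16] = {0x20, 0x01, 0x0d, 0xb8};        /* constructed 2001:db8:: targets */
    int refused = 0;
    for (int i = 0; i < 20; i++) { a[15] = (uint8_t)i; refused += !nd_lookup_create(a); }
    int first = nd_sweep(), second = nd_sweep();
    printf("refused=%d first=%d second=%d\n", refused, first, second);
    return 0;
}
```

Entries created by a walk across the address space are never looked up again, so they are reclaimed on the second timer tick, while a neighbour that keeps seeing traffic is re-marked and survives.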



