Ted Lemon <[email protected]> writes:

> No, because this just leaves the client open to a different DoS
> attack. If you have rogue configuration protocols running on your
> network, you need to fix it. This just moves the problem around—it
> doesn't solve it.

Well, assuming this stays as an RA option and not a DHCPv4 one, I don't think it will be unreasonable for someone running an IPv4-only network to assume that they don't have to worry about IPv6 configuration protocols disabling their IPv4. Having the exception that if IPv4 already works, don't disable it will make this assumption more likely to be true.

As an example, consider a university campus network (or a conference network) running IPv4 only, and someone broadcasting an RA packet onto the open wireless. Suddenly everything goes offline and will stay that way (until the RA expires) since no legitimate RAs come along to tell hosts to turn IPv4 back on.

> One thing that I think would make this less likely to happen would be
> to state that no-ipv4 must be present on all valid configuration
> states received on a particular interface in order for no-ipv4 to be
> valid for that interface. IOW, if you are getting rogue RAs that say
> "no IPv4" and also a non-rogue RA that doesn't say "no IPv4," the host
> assumes that IPv4 is permitted. This prevents a rogue RA from killing
> IPv4 connectivity even for the lifetime of that RA.

I would definitely think it would be a good idea to have "option not present" have the same semantics as "option set to allow ipv4". Otherwise, those actually running dual-stack networks would have to upgrade just to keep this from potentially causing problems.

-Toke
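The host-side rules discussed in this message, combined into one decision function as an added example (not code from the thread or from any draft): no-ipv4 only takes effect if every live RA on the interface carries it, an absent option counts as "allow", and IPv4 that already works is never torn down. The `RouterAdvert` fields, the `ipv4_already_working` input and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class RouterAdvert:
    """One received RA, reduced to the fields this policy needs (hypothetical model)."""
    router: str               # source address of the RA (constructed sample values)
    received_at: float        # receive time, in seconds
    lifetime: float           # router lifetime in seconds; 0 withdraws the router
    no_ipv4: Optional[bool]   # True = "no IPv4", False = "allow", None = option absent


def ipv4_permitted(adverts: Iterable[RouterAdvert], now: float,
                   ipv4_already_working: bool) -> bool:
    """Return True if the host should keep or enable IPv4 on this interface."""
    # Exception from the message: if IPv4 already works, an RA never disables it.
    if ipv4_already_working:
        return True

    # Only the most recent RA from each router describes its current state.
    latest = {}
    for ra in adverts:
        known = latest.get(ra.router)
        if known is None or ra.received_at > known.received_at:
            latest[ra.router] = ra

    # Drop withdrawn and expired state; it no longer counts as valid configuration.
    live = [ra for ra in latest.values()
            if ra.lifetime > 0 and now < ra.received_at + ra.lifetime]
    if not live:
        return True  # nothing is asking for IPv4 to be off

    # Unanimity rule: one live RA without the option (None) or with it set to
    # "allow" (False) is enough to keep IPv4 permitted.
    return not all(ra.no_ipv4 is True for ra in live)


if __name__ == "__main__":
    # Constructed sample: one RA saying "no IPv4", one RA without the option.
    rogue = RouterAdvert("fe80::bad", 0.0, 1800.0, True)
    legit = RouterAdvert("fe80::1", 10.0, 1800.0, None)
    print(ipv4_permitted([rogue], 100.0, ipv4_already_working=False))
    print(ipv4_permitted([rogue, legit], 100.0, ipv4_already_working=False))
```
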
