Sorry for the delay in responding - I've had it on my todo list for
quite a while.

> According to draft-ietf-ipngwg-rfc2292bis-01.txt, it seems to me that
> any users can set IPV6_REACHCONF cmsg type for an outgoing
> UDP/raw-IPv6 packet.
> 
> However, this option might be dangerous in some situations. Consider
> the following scenario:
> 
> - A node "A" resolves the link-layer address of another node "B", and
>   then starts communicating with B.
> - After starting the communication, a malicious user opens a UDP
>   socket to B, and continuously sends packets to B with the
>   IPV6_REACHCONF option.
> - Then the neighbor cache entry for B will never be stale, and NUD
>   will never occur even if B is down.
> 
> I'm not sure if we should regard such a scenario as a threat, but it
> would be much safer to limit use of the option to privileged users.

I agree that there is a risk for somewhat of a Denial of Service attack here.
But it is a fairly small possibility; not only does the attacking application
need to run on the same machine, it also has no effect until there is
actually a reachability problem.
So I don't know how serious a problem this is.

Restricting its use to privileged users means that e.g. the resolver library
(when invoked by a non-privileged process) can't provide reachability
confirmation over UDP.
I think that would be unfortunate.

   Erik

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
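
Added example, not part of the original message or of the draft: a simplified Python model of A's neighbor cache entry for B in the scenario quoted above. It compares failure detection with no confirmations, with an unprivileged local process supplying them, and with confirmations limited to privileged users. Fixed timers, one-second steps and all function and parameter names are assumptions of the model.

```python
# Simplified model of Neighbor Unreachability Detection (NUD) for one
# neighbor cache entry, using the RFC 2461 default timer values.
REACHABLE_TIME = 30         # s; real stacks randomize around this base
DELAY_FIRST_PROBE_TIME = 5  # s spent in DELAY before probing starts
RETRANS_TIMER = 1           # s between unicast Neighbor Solicitations
MAX_UNICAST_SOLICIT = 3     # unanswered probes before the entry is dropped


def detect_failure(down_at, horizon, hint_every=None, hints_need_privilege=False):
    """Return the second at which A's stack declares B unreachable, or None.

    A sends one packet to B every second and B stops answering at down_at.
    hint_every is the period (s) at which an unprivileged local process sends
    with a reachability confirmation; None means no such process exists.
    All names here are hypothetical, chosen for this model only.
    """
    state, timer, probes = "REACHABLE", 0, 0
    for now in range(1, horizon + 1):
        b_up = now < down_at
        hint = hint_every is not None and now % hint_every == 0
        if hint and not hints_need_privilege:
            # Upper-layer confirmation accepted: entry is REACHABLE again.
            state, timer, probes = "REACHABLE", 0, 0
            continue
        timer += 1
        if state == "REACHABLE" and timer >= REACHABLE_TIME:
            state = "STALE"
        elif state == "STALE":            # A's next packet moves it to DELAY
            state, timer = "DELAY", 0
        elif state == "DELAY" and timer >= DELAY_FIRST_PROBE_TIME:
            state, timer, probes = "PROBE", 0, 0
        elif state == "PROBE" and timer >= RETRANS_TIMER:
            if b_up:                      # Neighbor Advertisement answers the probe
                state, timer, probes = "REACHABLE", 0, 0
            else:
                probes, timer = probes + 1, 0
                if probes >= MAX_UNICAST_SOLICIT:
                    return now            # entry deleted, failure detected
    return None
```

With B going down at second 10, the model detects the failure at second 39 without confirmations, never when every packet carries an accepted confirmation, and again at second 39 once unprivileged confirmations are ignored.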
