> > I have a different question in the same context. Assume two nodes
> > node A and node B on the same link. If node A (malicious) does
> > not do *DAD* and sends out a packet with node B's address as source
> > address to B, B should drop the packet. But this is not mentioned
> > in the spec anywhere. It assumes that both nodes A and B does
> > DAD. If node B does not drop the packet, it could potentially
> > create a neighbor cache entry with node A's source address
> > which is itself, with node A's h/w address information.
> >
> > Does the spec say anything on the above ?
>
> No.
>
> I don't see why you would create a neighbor cache entry in this situation.
> When node B tries to reply to the source address in the packet, which is its
> own address, won't node B just use its loopback path and not create an NCE?
>
>From reading section 7.2.3 Receipt of Neighbor solicitations in RFC2461,
it says that one should create or update the neighbor cache
entry for source address if the source link layer option is present.
> ND does not claim to be secure against malicious nodes on your link.
>
But this could be a simple enough check to make sure that we are
not recieving NS with our own address.
-mohan
> Rich
> --------------------------------------------------------------------
> IETF IPng Working Group Mailing List
> IPng Home Page: http://playground.sun.com/ipng
> FTP archive: ftp://playground.sun.com/pub/ipng
> Direct all administrative requests to [EMAIL PROTECTED]
> --------------------------------------------------------------------
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
