> the attacker was willing to be caught.  Because redirects can't be forwarded
> from off-link (the hop limit must be 255 when received) there is no way for
> an attacker to mount a redirect-based attack unless the attacking system
> is on the same link as the target.

Correct. And like you say, it applies to the ND/RD messages as well.

However, Packet Too Big and Parameter Problem are end-to-end
messages, not local link messages. Hence, if spoofed multicast
messages can be replied to with ICMPs, the hop limit check
won't help that.

Jari


--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
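
The distinction drawn in the message above, as an added example that is not part of the original post or of any IPng implementation: a receive-side check that applies the hop-limit-255 rule to ND/redirect messages and reports that the rule gives no origin assurance for Packet Too Big and Parameter Problem. The function names, the sample packets (constructed, using documentation-prefix addresses) and the assumption of no extension headers are all illustrative.

```python
import struct

# ICMPv6 type numbers (RFC 4443 errors, RFC 4861 neighbor discovery)
PACKET_TOO_BIG, PARAM_PROBLEM = 2, 4
ND_TYPES = {133: "Router Solicitation", 134: "Router Advertisement",
            135: "Neighbor Solicitation", 136: "Neighbor Advertisement",
            137: "Redirect"}

def parse_ipv6_icmp(packet: bytes):
    """Return (hop_limit, icmp_type) from a raw IPv6 packet.
    Assumption: ICMPv6 follows the fixed header directly (no extension headers)."""
    if len(packet) < 41:
        raise ValueError("too short for IPv6 header plus ICMPv6 type")
    ver_tc_fl, _payload_len, next_header, hop_limit = struct.unpack(
        "!IHBB", packet[:8])
    if ver_tc_fl >> 28 != 6:
        raise ValueError("not IPv6")
    if next_header != 58:
        raise ValueError("not ICMPv6")
    return hop_limit, packet[40]

def classify(packet: bytes) -> str:
    """Say what the received hop limit proves about this message's origin."""
    hop_limit, icmp_type = parse_ipv6_icmp(packet)
    if icmp_type in ND_TYPES:
        # Every router decrements the hop limit, so 255 on receipt means the
        # sender is on the same link; anything lower was forwarded.
        return "accept-on-link" if hop_limit == 255 else "drop-off-link"
    # End-to-end errors legitimately cross routers, so any hop limit is
    # valid and the field says nothing about where the message came from.
    return "no-hop-limit-protection"

def build(icmp_type: int, hop_limit: int) -> bytes:
    """Constructed sample packet; checksum left zero, addresses are placeholders."""
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("20010db8000000000000000000000002")
    icmp = bytes([icmp_type, 0, 0, 0]) + b"\x00" * 4
    header = struct.pack("!IHBB", 6 << 28, len(icmp), 58, hop_limit)
    return header + src + dst + icmp

if __name__ == "__main__":
    for t, hl in [(137, 255), (137, 254), (PACKET_TOO_BIG, 64), (PARAM_PROBLEM, 255)]:
        print(t, hl, classify(build(t, hl)))
```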
