on 2/2/01 5:26 AM, JINMEI Tatuya / ???? wrote:

>>>>>> On Thu, 01 Feb 2001 23:06:31 -0800,
>>>>>> "T.J. Kniveton" <[EMAIL PROTECTED]> said:
> 
>> However, RFC 2462 has stated that unless router advertisements are
>> authenticated, any router advertisement trying to expire the prefix
>> (which still has a few days, to most of a month, of validity left), will
>> just lower it to two hours.
> 
>> Is it OK with everyone that a node that has been turned off for a while,
>> could possibly be *unusable* on a network for two hours? We can not say
>> that an admin will log into this machine and manually remove the prefix,
>> or that router advertisements after a network renumber will be
>> authenticated. Both of these make far too many assumptions.
> 
> In this case, we can reasonably assume that a new prefix (with positive
> valid and preferred lifetimes) is being advertised.  Thus, we have at
> least one preferred address.  Also, in the scenario above, the old
> prefix is being advertised with zero lifetimes, the old address is
> immediately deprecated (note that the "two hours" protection described
> in RFC 2462 is not applied to preferred lifetime.)  Consequently, we
> would just use the (only) preferred address when we start a new
> communication by the definition of the "deprecated" address, and would
> not see any problems in a normal operation.

OK, thanks, that is clearer.

Isn't this still vulnerable to a denial of service attack? If I only have
one global address and a malicious node deprecates my address, I can not
open any new connections. Granted, I can continue using the connections that
are open, but it still prevents further communication. I would assume that
whenever there are no valid prefixes, the node would send a router
solicitation. But if the attacking node is fast, it can deprecate prefixes
as soon as they're advertised.

> 
>> Aside from whether this is "OK," there is inconsistency between these
>> drafts. 2461 does not seem to account for the DoS attack which 2462 is
>> trying to avoid.
> 
> No, we don't care about zero-lifetime attack in prefix (i.e on-link)
> manipulation, which RFC 2461 describes.  We only care about the attack
> that attempts to make a victim's *address* invalid.
> 
> Note that we can still send packets to default routers even if we
> don't have any known on-link prefixes, while we can't make any
> off-link communications if all the global addresses are invalidated.
> 
> Of course, you could say that this policy is "wrong", but at least the
> two policies are not inconsistent.

The distinction between deprecating a prefix and invalidating it was what I
was missing in my read of the draft. I still see a problem vis-à-vis the
zero-lifetime attack. Am I missing something?
-- 
TJ Kniveton
NOKIA Research
> 
> JINMEI, Tatuya
> Communication Platform Lab.
> Corporate R&D Center, Toshiba Corp.
> [EMAIL PROTECTED]
> 
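To make the deprecate-versus-invalidate distinction in this thread concrete, here is an added Python sketch (not code from the thread or from any IPv6 stack) of the RFC 2462 section 5.5.3 (d)/(e) lifetime rules for an unauthenticated Prefix Information option; the prefixes, lifetimes and the pick_source helper are constructed assumptions.

```python
TWO_HOURS = 2 * 60 * 60  # seconds; the RFC 2462 section 5.5.3 (e) floor


class AutoconfAddress:
    """An autoconfigured address with its remaining lifetimes in seconds."""

    def __init__(self, addr, valid, preferred):
        self.addr, self.valid, self.preferred = addr, valid, preferred

    def deprecated(self):
        return self.valid > 0 and self.preferred == 0

    def invalid(self):
        return self.valid == 0


def apply_prefix_option(a, adv_valid, adv_preferred):
    """Apply an UNauthenticated Prefix Information option to address a."""
    # 5.5.3 (d): preferred lifetime is taken as advertised, so a zero
    # preferred lifetime deprecates the address immediately.
    a.preferred = adv_preferred
    # 5.5.3 (e): the valid lifetime can only be shortened to a two-hour floor.
    if adv_valid > TWO_HOURS or adv_valid > a.valid:
        a.valid = adv_valid        # lengthening is always accepted
    elif a.valid <= TWO_HOURS:
        pass                       # already at or under the floor: ignore
    else:
        a.valid = TWO_HOURS        # clamp the cut to two hours
    return a


def pick_source(addresses):
    """Source selection for a new session: a preferred address if one exists,
    else a deprecated-but-valid one, else None (no off-link communication)."""
    usable = [a for a in addresses if not a.invalid()]
    preferred = [a for a in usable if not a.deprecated()]
    chosen = (preferred or usable or [None])[0]
    return chosen.addr if chosen else None


def renumber_scenario():
    """Constructed renumbering case from the thread: the old prefix still has
    20 days of validity, the RA zeroes it and advertises a new prefix."""
    old = AutoconfAddress("2001:db8:1::1", valid=20 * 86400, preferred=20 * 86400)
    new = AutoconfAddress("2001:db8:2::1", valid=30 * 86400, preferred=7 * 86400)
    apply_prefix_option(old, adv_valid=0, adv_preferred=0)
    return old, new, pick_source([old, new])
```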

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
