>>>>> On Fri, 02 Feb 2001 11:17:32 -0800,
>>>>> "T.J. Kniveton" <[EMAIL PROTECTED]> said:
>> In this case, we can reasonably assume that a new prefix (with positive
>> valid and preferred lifetimes) is being advertised. Thus, we have at
>> least one preferred address. Also, in the scenario above, the old
>> prefix is being advertised with zero lifetimes, the old address is
>> immediately deprecated (note that the "two hours" protection described
>> in RFC 2462 is not applied to preferred lifetime.) Consequently, we
>> would just use the (only) preferred address when we start a new
>> communication by the definition of the "deprecated" address, and would
>> not see any problems in a normal operation.
> OK, thanks, that is clearer.
> Isn't this still vulnerable to a denial of service attack? If I only have
> one global address and a malicious node deprecates my address, I can not
> open any new connections. Granted, I can continue using the connections that
> are open, but it still prevents further communication. I would assume that
> whenever there are no valid prefixes, the node would send a router
> solicitation. But if the attacking node is fast, it can deprecate prefixes
> as soon as they're advertised.
If you only have one global address, you can just use the address even
if the address has been deprecated. RFC2462 says
A deprecated address SHOULD continue to be used as a source
address in existing communications, but SHOULD NOT be used in new
communications if an alternate (non-deprecated) address is available
and has sufficient scope.
(Section 5.5.4)
Note the if-clause at the end of the sentence.
>>> Aside from whether this is "OK," there is inconsistency between these
>>> drafts. 2461 does not seem to account for the DoS attack which 2462 is
>>> trying to avoid.
>>
>> No, we don't care about zero-lifetime attack in prefix (i.e on-link)
>> manipulation, which RFC 2461 describes. We only care about the attack
>> that attempts to make a victim's *address* invalid.
>>
>> Note that we can still send packets to default routers even if we
>> don't have any known on-link prefixes, while we can't make any
>> off-link communications if all the global addresses are invalidated.
>>
>> Of course, you could say that this policy is "wrong", but at least the
>> two policies are not inconsistent.
> The distinction between deprecating a prefix and invalidating it was what I
> was missing in my read of the draft. I still see a problem vis a vis the
> zero-lifetime attack. Am I missing something?
Which zero-lifetime attack did you mean? For the address lifetime,
the attacker can only make the address deprecated. This is not a
significant attack as I said in the previous message and above. For
the prefix (on-link) lifetime, the attacker can make all the prefixes
of a victim off-link. However, since the victim still knows default
routers, it can just send packets to a router, and (if it is lucky
enough,) can make any on-link and off-link communications.
However, the attacker can also
- make all valid routers' lifetimes zero, or
- be a "blackhole" router.
I admit these attacks can be a real threat, and are difficult to
protect against.
JINMEI, Tatuya
Communication Platform Lab.
Corporate R&D Center, Toshiba Corp.
[EMAIL PROTECTED]
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
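The lifetime rules the thread turns on can be seen in working code. The block below is an added example written for this page; it is not code from the thread, from RFC 2462, or from any implementation the participants work on. It models the update rule of RFC 2462 section 5.5.3 (e) (the two-hour guard applies only to the valid lifetime; the preferred lifetime is always reset to the advertised value) and the source-address fallback of section 5.5.4, then runs the zero-lifetime scenario from the discussion: an unauthenticated RA advertising the victim's prefix with both lifetimes zero. The addresses, prefixes and clock values are constructed sample data; the names `AutoconfAddress`, `apply_prefix_info` and `select_source_address` are this example's own.

```python
"""Model of RFC 2462 address-lifetime handling (section 5.5.3 (e)) and the
deprecated-address rule (section 5.5.4). Added example: names, addresses and
times below are constructed for illustration, not taken from any real stack."""
from dataclasses import dataclass

TWO_HOURS = 2 * 60 * 60          # the "two hours" guard of RFC 2462, 5.5.3 (e)
INFINITE_LIFETIME = 0xFFFFFFFF   # an all-ones lifetime field means "infinity"


def _lifetime(seconds):
    """Translate an RA lifetime field into seconds (all-ones is infinity)."""
    return float("inf") if seconds == INFINITE_LIFETIME else float(seconds)


@dataclass
class AutoconfAddress:
    address: str            # textual IPv6 address (constructed sample)
    prefix: str             # prefix it was autoconfigured from
    valid_until: float      # absolute time at which the address becomes invalid
    preferred_until: float  # absolute time at which the address becomes deprecated

    def state(self, now):
        if now >= self.valid_until:
            return "invalid"
        if now >= self.preferred_until:
            return "deprecated"
        return "preferred"


def apply_prefix_info(addr, now, valid_lifetime, preferred_lifetime, authenticated=False):
    """Update an existing autoconfigured address from a matching Prefix
    Information option, following RFC 2462 section 5.5.3 (e)."""
    # Preferred lifetime: always reset to the advertised value. There is no
    # two-hour protection here, so a zero Preferred Lifetime deprecates at once.
    addr.preferred_until = now + _lifetime(preferred_lifetime)

    advertised = _lifetime(valid_lifetime)
    remaining = addr.valid_until - now
    if authenticated or advertised > TWO_HOURS or advertised > remaining:
        # Lengthening the lifetime (or any authenticated change) is honoured.
        addr.valid_until = now + advertised
    elif remaining <= TWO_HOURS:
        # Already within two hours of expiry: the shortening attempt is ignored.
        pass
    else:
        # Unauthenticated attempt to cut below two hours: clamp, never invalidate.
        addr.valid_until = now + TWO_HOURS
    return addr.state(now)


def select_source_address(addrs, now):
    """RFC 2462 section 5.5.4: use a non-deprecated address when one exists,
    otherwise fall back to a deprecated one rather than refusing to communicate."""
    usable = [a for a in addrs if a.state(now) != "invalid"]
    preferred = [a for a in usable if a.state(now) == "preferred"]
    if preferred:
        return preferred[0]
    return usable[0] if usable else None


def zero_lifetime_attack_demo():
    """Constructed scenario: a single global address, then forged RAs carrying
    the victim's prefix with Valid Lifetime 0 and Preferred Lifetime 0."""
    now = 1_000_000.0
    victim = AutoconfAddress("2001:db8:1::1", "2001:db8:1::/64",
                             valid_until=now + 30 * 86400,
                             preferred_until=now + 7 * 86400)
    first = apply_prefix_info(victim, now, valid_lifetime=0, preferred_lifetime=0)
    # A second forged RA ten minutes later cannot shorten the clamped lifetime further.
    second = apply_prefix_info(victim, now + 600, valid_lifetime=0, preferred_lifetime=0)
    chosen = select_source_address([victim], now + 600)
    return {
        "after_first_ra": first,                      # deprecated, not invalid
        "after_second_ra": second,                    # still deprecated, still valid
        "valid_seconds_left_after_second": victim.valid_until - (now + 600),
        "source_when_only_address": chosen.address if chosen else None,
    }


def renumbering_demo():
    """Constructed scenario from the thread: the old prefix is advertised with
    zero lifetimes while a new prefix has already produced a preferred address."""
    now = 2_000_000.0
    old = AutoconfAddress("2001:db8:1::1", "2001:db8:1::/64", now + 30 * 86400, now + 7 * 86400)
    new = AutoconfAddress("2001:db8:2::1", "2001:db8:2::/64", now + 30 * 86400, now + 7 * 86400)
    apply_prefix_info(old, now, valid_lifetime=0, preferred_lifetime=0)
    return select_source_address([old, new], now).address


if __name__ == "__main__":
    print(zero_lifetime_attack_demo())
    print(renumbering_demo())
```

Running it shows the two halves of JINMEI's point: the forged RA drives the address straight to "deprecated" (preferred lifetime has no guard), but the valid lifetime is clamped to two hours and a follow-up forged RA is ignored, so the address stays usable, and `select_source_address` still returns it when it is the only address. In the renumbering case the new prefix's preferred address wins, as the if-clause in section 5.5.4 requires.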