On Tue, Jun 25, 2002 at 04:43:46PM +0530, Anjaneyulu wrote: > Hi All, > The ND RFC 2461 specifies that the Hop Limit in the IPv6 Header be set > to 255 for Router Advertisement. > > But as far as i understand the router Advertisement should not be > propagated out of the Link by a router.
"should not" is the key. If somebody goofs up, and the Advertisement is thus propagatable, seeing that the hop-count is not 255 will tell to all users that no, it is not valid RA. This way only people local to the cable (link) can generate RAs that are identifiable as valid RAs, and no remote attacker can do the same. This does not prevent all kinds of attacks, only the remote ones. > Regards, > Anj /Matti Aarnio -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
