Susceptibility to DoS attacks is another consideration that needs some
attention, I think. The RR mechanism in MIPv6 is designed to require no
state in CN, but in the anycast RR mechanisms the roles are reversed:
here the anycast server is the one holding state.
Is that really true?  What about the Binding Cache?

To me, with this anycast approach, the anycast server is the mobile
node and the client is the correspondent node.  The mobile node
and the anycast server both hold state that identifies the home
address (anycast address) and the care-of address (unicast address).

In MIPv6 the binding cache entry is created only after the binding is
authenticated. The CN holds no state during the RR procedure. Only MN
does. Since only authenticated bindings go into the cache, you can't
flood it very easily.

However, you could flood the anycast server with RR state simply by
sending a lot of SYN packets with different forged source addresses.
Doesn't MIPv6 have the same problem with flooding an MN with bogus
data as a DoS attack?  Casting aside any issues with a binding cache,
where is the difference between the anycast server and a mobile node?

Won't flooding with SYN packets have the same effect on a mobile node?

Brian


--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
