On Wed, 2003-02-12 at 19:11, James Kempf wrote:
> But isn't there a simple attack in which the attacker sends an NA message out
> with the victim's link layer address in the option but its own address on the
> frame? Naturally, if the link layer allows the attacker to send out frames under
> a false address, it could fully spoof the victim as well.
Cache poisoning. It seems to me that this could be made much harder with
a very slight change to the ND specification: store the Override bit
into the cache entry, and only allow an advertisment with Override=1 to
overwrite an entry with stored_Override=0, otherwise transition the
entry to STALE as with Override=0.
MikaL
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
