On Wed, 12 Nov 2003, Christian Huitema wrote:
> The section "5.4.5 When Duplicate Address Detection Fails" currently
> says:
> 
>    A tentative address that is determined to be a duplicate as described
>    above, MUST NOT be assigned to an interface and the node SHOULD log a
>    system management error.  If the address is a link-local address
>    formed from an interface identifier, the interface SHOULD be
>    disabled.
> 
> The part about disabling the interface enables a DOS attack: wait for a
> target to come on line and send a DAD packet, reply with a deliberate
> collision, and poof the target is disconnected from the network. 

Unless you haven't noted from SEND work, if you have access to the local
link, you can do pretty much everything anyway, so this is really not big 
news.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings


--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
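
An added example, not part of the original message or of the draft text quoted in it: a detection sketch for the DAD-collision pattern discussed above, run over constructed neighbor-discovery events. The event tuple layout, the 1-second window (one DAD probe with the default retransmit timer) and the threshold of 3 are assumptions of this example.

```python
from collections import defaultdict

# Constructed sample events, not capture data: (time_s, kind, src_mac, src_ip, target).
# An "NS" whose src_ip is "::" is a DAD probe; an "NA" advertises `target`.
EVENTS = [
    (0.00, "NS", "02:00:00:00:00:0a", "::", "fe80::a"),
    (0.02, "NA", "02:00:00:00:00:99", "fe80::a", "fe80::a"),
    (5.00, "NS", "02:00:00:00:00:0b", "::", "fe80::b"),
    (5.01, "NA", "02:00:00:00:00:99", "fe80::b", "fe80::b"),
    (9.00, "NS", "02:00:00:00:00:0c", "::", "fe80::c"),
    (9.03, "NA", "02:00:00:00:00:99", "fe80::c", "fe80::c"),
    (12.0, "NS", "02:00:00:00:00:0d", "::", "fe80::d"),
    (12.4, "NA", "02:00:00:00:00:77", "fe80::d", "fe80::d"),  # a single, plausible duplicate
    (20.0, "NS", "02:00:00:00:00:0e", "::", "fe80::e"),       # probe with no collision
]

DAD_WINDOW_S = 1.0  # assumption: one probe, 1 s wait before the address is assigned
THRESHOLD = 3       # assumption: distinct tentative addresses one MAC may "own"

def dad_collisions(events, window=DAD_WINDOW_S):
    """Return (target, prober_mac, colliding_mac) for each failed DAD attempt."""
    pending = {}  # target -> (probe_time, prober_mac)
    hits = []
    for t, kind, mac, src_ip, target in sorted(events):
        if kind == "NS" and src_ip == "::":
            prev = pending.get(target)
            # A second DAD probe for the same address from another MAC also fails DAD.
            if prev and t - prev[0] <= window and prev[1] != mac:
                hits.append((target, prev[1], mac))
            pending[target] = (t, mac)
        elif kind == "NA" and target in pending:
            t0, prober = pending[target]
            if t - t0 <= window and mac != prober:
                hits.append((target, prober, mac))
    return hits

def suspicious_defenders(events, threshold=THRESHOLD):
    """MACs that collided with DAD probes for >= threshold distinct addresses."""
    defended = defaultdict(set)
    for target, _prober, defender in dad_collisions(events):
        defended[defender].add(target)
    return {m: sorted(a) for m, a in defended.items() if len(a) >= threshold}

if __name__ == "__main__":
    print(suspicious_defenders(EVENTS))
```

A genuine duplicate produces one collision for one address; a single MAC claiming every tentative address that appears on the link is the pattern worth alerting on.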
