> On Wed, 12 Nov 2003, Christian Huitema wrote:
> > The section "5.4.5 When Duplicate Address Detection Fails" currently
> > says:
> > 
> >    A tentative address that is determined to be a duplicate as described
> >    above, MUST NOT be assigned to an interface and the node SHOULD log a
> >    system management error.  If the address is a link-local address
> >    formed from an interface identifier, the interface SHOULD be
> >    disabled.
> > 
> > The part about disabling the interface enables a DOS attack: wait for a
> > target to come on line and send a DAD packet, reply with a deliberate
> > collision, and poof the target is disconnected from the network. 
> 
> Unless you haven't noted from SEND work, if you have access to the local
> link, you can do pretty much everything anyway, so this is really not big 
> news.

        agree completely.  if you allow enemy to be on-link you are dead.
        my suggestion is to leave it SHOULD.

itojun

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
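
The thread treats the forced DAD collision as a risk inherent to a shared link; from the monitoring side it has a recognizable shape, because a genuine duplicate involves one address while a deliberate collider answers probes for many. The following sketch is an added example, not part of the original messages: the event tuple layout, the one-second window and the threshold of three are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from ipaddress import IPv6Address

UNSPECIFIED = IPv6Address("::")     # source address of a DAD Neighbor Solicitation
ALL_NODES = IPv6Address("ff02::1")  # destination of an NA that answers a DAD probe

# Constructed events: (time s, source MAC, type, IPv6 src, IPv6 dst, ND target)
EVENTS = [
    (0.0, "02:00:00:00:00:0a", "NS", "::", "ff02::1:ff00:a", "fe80::ff:fe00:a"),
    (0.2, "02:00:00:00:00:66", "NA", "fe80::ff:fe00:a", "ff02::1", "fe80::ff:fe00:a"),
    (5.0, "02:00:00:00:00:0b", "NS", "::", "ff02::1:ff00:b", "fe80::ff:fe00:b"),
    (5.1, "02:00:00:00:00:66", "NA", "fe80::ff:fe00:b", "ff02::1", "fe80::ff:fe00:b"),
    (9.0, "02:00:00:00:00:0c", "NS", "::", "ff02::1:ff00:c", "fe80::ff:fe00:c"),
    (9.3, "02:00:00:00:00:66", "NS", "::", "ff02::1:ff00:c", "fe80::ff:fe00:c"),
    (20.0, "02:00:00:00:00:0d", "NS", "::", "ff02::1:ff00:d", "fe80::ff:fe00:d"),
    (20.4, "02:00:00:00:00:0e", "NA", "fe80::ff:fe00:d", "ff02::1", "fe80::ff:fe00:d"),
    (30.0, "02:00:00:00:00:0f", "NA", "fe80::ff:fe00:f", "ff02::1", "fe80::ff:fe00:f"),
]

def dad_colliders(events, window=1.0, threshold=3):
    """Return {MAC: [addresses]} for stations that collided with at least
    `threshold` distinct tentative addresses, each within `window` seconds
    of another station's DAD probe for that address."""
    probes = {}               # tentative address -> (probe time, prober MAC)
    hits = defaultdict(set)   # responder MAC -> tentative addresses it collided with
    for t, mac, kind, src, dst, target in events:
        src, dst, target = map(IPv6Address, (src, dst, target))
        probe = probes.get(target)
        # A collision only counts against a different station, soon after the probe.
        fresh = probe is not None and mac != probe[1] and t - probe[0] <= window
        if kind == "NS" and src == UNSPECIFIED:
            if fresh:
                hits[mac].add(target)        # competing DAD probe for the same address
            else:
                probes[target] = (t, mac)    # new probe or the prober's own retransmit
        elif kind == "NA" and dst == ALL_NODES and fresh:
            hits[mac].add(target)            # advertisement claiming the tentative address
    return {mac: sorted(str(a) for a in addrs)
            for mac, addrs in hits.items() if len(addrs) >= threshold}

if __name__ == "__main__":
    print(dad_colliders(EVENTS))
```

With the default threshold only the station that collided with three different hosts is reported; the single duplicate at 20.4 s and the unsolicited advertisement at 30.0 s are not.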
