Hi Markku,
The following is a quote from RFC2460.
The Option Type identifiers are internally encoded such that their
highest-order two bits specify the action that must be taken if the
processing IPv6 node does not recognize the Option Type:
O
O
O
10 - discard the packet and, regardless of whether or not the
packet's Destination Address was a multicast address, send an
ICMP Parameter Problem, Code 2, message to the packet's
Source Address, pointing to the unrecognized Option Type.
O
O
O
Thanks,
Vishwas
On 5/28/07, Markku Savela <[EMAIL PROTECTED]> wrote:
> > On Mon, 28 May 2007, Vishwas Manral wrote:
> > > I noticed one more security issue like the Destination options header
> > > attack. A packet is sent by using a destination header as a Multicast
> > > Group address, and source address of the machine to be attacked. A
> > > random Option type is added to the destination Options header, which
> > > has the highest order two bits as 10 (send ICMP Reply to the source).
> > >
> > > The above would cause ICMP packets to be sent to the source address
> > > from all members of the multicast group to the source. This could very
> > > easily overwhelm the source
> No. Stack is not supposed to send ICMP error report, if the destination
> of the triggering packet was sent to a multicast or any kind of
> broadcast address (including broadcast MAC).
> --
> Markku Savela
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
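
Added example, not part of the original thread or of any stack's code: a Python sketch of how a receiver walks a Destination Options header and applies the RFC 2460 section 4.2 rule for unrecognized Option Types, including the 10 case quoted above. The set of recognized options, the function names and the sample header bytes are assumptions constructed for illustration.

```python
import ipaddress

RECOGNIZED = {0x00, 0x01}  # assumption: this node only knows Pad1 and PadN

def action_for_unrecognized(opt_type, dst):
    """Map the two highest-order Option Type bits to the RFC 2460 action."""
    multicast = ipaddress.IPv6Address(dst).is_multicast
    bits = opt_type >> 6
    if bits == 0b00:
        return "skip"
    if bits == 0b01:
        return "discard"
    if bits == 0b10:
        return "discard+icmp"  # regardless of a multicast destination
    return "discard" if multicast else "discard+icmp"  # bits == 0b11

def process_dest_options(header, dst):
    """Walk the option TLVs; return (action, offset of the deciding option)."""
    if len(header) < 2:
        raise ValueError("truncated header")
    total = (header[1] + 1) * 8  # Hdr Ext Len excludes the first 8 octets
    if len(header) < total:
        raise ValueError("truncated header")
    i = 2
    while i < total:
        opt_type = header[i]
        if opt_type == 0x00:  # Pad1 is a single octet with no length field
            i += 1
            continue
        if i + 2 > total or i + 2 + header[i + 1] > total:
            raise ValueError("option overruns header")
        if opt_type not in RECOGNIZED:
            action = action_for_unrecognized(opt_type, dst)
            if action != "skip":
                return action, i
        i += 2 + header[i + 1]
    return "accept", None

def sample_header(opt_type):
    """Constructed 8-octet header: No Next Header (59), one 4-octet option."""
    return bytes([59, 0, opt_type, 4, 0, 0, 0, 0])

if __name__ == "__main__":
    for t in (0x1E, 0x40, 0x80, 0xC0):
        for dst in ("ff02::1", "2001:db8::1"):
            print(hex(t), dst, process_dest_options(sample_header(t), dst))
```

Only the 10 and 11 encodings differ in how they treat a multicast destination, which is the case the two posts above disagree on.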