> A malicious host on subnet X that wanted to execute a DoS attack on a
> mobile ILNP host H moving onto subnet X could lookup all of H's IDs via
> DNS, and then "steal" them on X before H arrives, causing H to have to
> drop all of its on-going TCP/UDP connections when it moves onto X. This

Wait a moment, are you sure the mobile ILNP host H would have to drop all of its on-going TCP/UDP connections when it moves onto X? If so, it seems quite distinct from the answers from Tony and Ran to the same question above.

> is due to a known security weakness with IPv6 Neighbor Discovery, which
> is why Secure Neighbor Discovery (SeND) was invented. This same attack
> can be executed in IPv6 today (i.e., a malicious host could use this
> attack to block a laptop from powering on and joining a wireless LAN, at
> least temporarily).

I think you should bring Mobile IP, rather than non-mobile IP, into the comparison, since both Mobile IP and ILNP are intended to support host mobility. Assume a Mobile IP host H' encounters the same condition as the above mobile ILNP host H: H' could use any available IP address on subnet X as its CoA without dropping all of its on-going TCP/UDP connections, since the CoA plays the PURE role of locator. That is to say, the sessions are bound to the HoA, rather than the CoA.

Best wishes,
Xiaohu

> The fact that SeND isn't widely deployed is an indication that this
> attack can be detected and mitigated by network management and isn't
> seen as a particularly serious risk.
>
>
> Regards,
>
> // Steve
>
> _______________________________________________
> rrg mailing list
> [email protected]
> http://www.irtf.org/mailman/listinfo/rrg
