[ipv6hackers] Status on NDP Exhaustion Attacks?

Fernando Gont fgont at si6networks.com
Wed Sep 28 19:07:14 CEST 2011


On 09/28/2011 12:40 PM, Owen DeLong wrote:
>>>> * A possible additional improvement (which "violates the spec") could be
>>>> that when an IPv6 address needs to be mapped to a MAC address, an NS is
>>>> sent, but no entry is created in the NC... and you'd create an entry
>>>> when receiving the corresponding NA (which would look as a "gratuitous
>>>> NA", since you would not be keeping track of the NS you had sent in the
>>>> first place)
>>>>
>>> Since we're talking about security, wouldn't that basically open you up to NC
>>> poisoning attacks where someone could inject a gratuitous NA for $IMPORTANT_HOST
>>> and intercept its traffic?
>>
>> The aforementioned behavior does not affect any entries already present
>> in the NC, and hence does not make the vulnerability you describe any different.
> 
> Sure it does, it just means you have to get your gratuitous NA in ahead of the
> real one.

How is this different from a normal NA-spoofing attack in which the
target does not honour gratuitous NAs?

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
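
The trade-off discussed in this message, as an added example that is not part of the original thread: a toy Python model of a Neighbor Cache (NC) comparing normal INCOMPLETE-entry creation with the proposed stateless-NS variant. The class, the cache limit, the addresses and the MAC values are constructed for illustration, and timers, NUD states and NA flags are not modelled.

```python
# Toy Neighbor Cache model (constructed example, not a full RFC 4861 state machine).
class NeighborCache:
    def __init__(self, limit, stateless_ns):
        self.limit = limit                # maximum number of NC entries
        self.stateless_ns = stateless_ns  # True = the variant proposed in the thread
        self.entries = {}                 # address -> MAC, or None while INCOMPLETE
        self.dropped = 0                  # resolutions refused because the NC was full

    def resolve(self, addr):
        """A packet for addr needs a MAC address, so an NS is sent."""
        if addr in self.entries or self.stateless_ns:
            return                        # stateless variant: NS sent, nothing stored
        if len(self.entries) >= self.limit:
            self.dropped += 1             # exhaustion: no room for an INCOMPLETE entry
            return
        self.entries[addr] = None         # INCOMPLETE entry waiting for the NA

    def receive_na(self, addr, mac):
        """Process a Neighbor Advertisement for addr."""
        if addr in self.entries:
            if self.entries[addr] is None:
                self.entries[addr] = mac  # completes a pending resolution
            return                        # simplification: present entries are untouched
        if self.stateless_ns and len(self.entries) < self.limit:
            self.entries[addr] = mac      # indistinguishable from a gratuitous NA

HOST = "2001:db8::10"                     # constructed documentation-prefix address

def simulate(stateless_ns, limit=64, scanned=1000):
    """Traffic to many unused addresses, then one real host tries to be resolved."""
    nc = NeighborCache(limit, stateless_ns)
    for i in range(0x1000, 0x1000 + scanned):
        nc.resolve(f"2001:db8::{i:x}")    # nobody answers these NS messages
    nc.resolve(HOST)
    nc.receive_na(HOST, "02:00:00:00:00:10")
    return len(nc.entries), nc.dropped, nc.entries.get(HOST) is not None

def first_na_wins():
    """In the stateless variant the first NA for an absent address is the one kept."""
    nc = NeighborCache(64, stateless_ns=True)
    nc.resolve(HOST)
    nc.receive_na(HOST, "02:00:00:00:00:01")
    nc.receive_na(HOST, "02:00:00:00:00:02")
    return nc.entries[HOST]

if __name__ == "__main__":
    print("stateful :", simulate(False))
    print("stateless:", simulate(True))
    print("kept MAC :", first_na_wins())
```

In this model the stateful cache fills with INCOMPLETE entries and the real host is never resolved, while the stateless variant stays empty under the same traffic but accepts whichever NA arrives first for an address it has no entry for.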




