[ipv6hackers] Status on NDP Exhaustion Attacks?
Jim Small
jim.small at cdw.com
Wed Sep 28 01:59:33 CEST 2011
Are there any new defenses for NDP Exhaustion attacks:
http://inconcepts.biz/~jsw/IPv6_NDP_Exhaustion.pdf
I have heard that Cisco has implemented some protection against this but I haven't uncovered any specifics just yet.
The author's recommendation was to use smaller subnets that /64s. My experience from teaching networking is that VLSM/Subnetting adds complexity and that if all host/server networks in IPv6 could be /64s it would make networking easier.
Is there a good solution to this problem besides smaller subnets?
--Jim
More information about the Ipv6hackers
mailing list