[ipv6hackers] Status on NDP Exhaustion Attacks?

Jim Small jim.small at cdw.com
Wed Sep 28 01:59:33 CEST 2011


Are there any new defenses for NDP Exhaustion attacks:
http://inconcepts.biz/~jsw/IPv6_NDP_Exhaustion.pdf

I have heard that Cisco has implemented some protection against this but I haven't uncovered any specifics just yet.

The author's recommendation was to use smaller subnets that /64s.  My experience from teaching networking is that VLSM/Subnetting adds complexity and that if all host/server networks in IPv6 could be /64s it would make networking easier.

Is there a good solution to this problem besides smaller subnets?
  --Jim




More information about the Ipv6hackers mailing list