[ipv6hackers] Status on NDP Exhaustion Attacks?

Owen DeLong owend at he.net
Wed Sep 28 07:43:59 CEST 2011


> 
> * A possible additional improvement (which "violates the spec") could be
> that when an IPv6 address needs to be mapped to a MAC address, an NS is
> sent, but no entry is created in the NC... and you'd create an entry
> when receiving the corresponding NA (which would look as a "gratuitous
> NA", since you would not be keeping track of the NS you had sent in the
> first place)
> 
Since we're talking about security, wouldn't that basically open you up to NC
poisoning attacks where someone could inject a gratuitous NA for $IMPORTANT_HOST
and intercept its traffic?

Owen
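
An added illustration, not part of the original message and not code from any NDP implementation: a toy Python model of the neighbor cache comparing RFC 4861 behaviour (an NA for an address with no cache entry is discarded) with the entry-on-NA variant quoted above. The class, function names, addresses and MACs are constructed for this sketch, and Override-flag updates to existing entries are not modelled.

```python
from dataclasses import dataclass, field

IMPORTANT_HOST = "2001:db8::1"      # constructed, documentation prefix
REAL_MAC = "00:00:5e:00:53:01"      # constructed, documentation MAC range
SPOOFED_MAC = "00:00:5e:00:53:66"   # constructed

@dataclass
class NeighborCache:
    """Toy model; stateless=True is the variant proposed in the quoted text."""
    stateless: bool
    entries: dict = field(default_factory=dict)  # address -> (state, MAC)

    def resolve(self, target):
        """A packet needs the MAC for target: models sending an NS."""
        if not self.stateless and target not in self.entries:
            # RFC 4861: remember the outstanding NS as an INCOMPLETE entry.
            self.entries[target] = ("INCOMPLETE", None)
        # Stateless variant: the NS goes out and nothing is recorded.

    def receive_na(self, target, mac):
        """Process a Neighbor Advertisement; True if the cache changed."""
        entry = self.entries.get(target)
        if entry is None:
            if not self.stateless:
                return False  # RFC 4861 section 7.2.5: no entry, discard
            # No record of sent NSs, so solicited and unsolicited NAs look alike.
            self.entries[target] = ("REACHABLE", mac)
            return True
        if entry[0] == "INCOMPLETE":
            self.entries[target] = ("REACHABLE", mac)
            return True
        return False  # updates to complete entries are not modelled here

def unsolicited_na_outcome(stateless):
    """An unsolicited NA arrives before the node ever solicited the address."""
    nc = NeighborCache(stateless)
    accepted = nc.receive_na(IMPORTANT_HOST, SPOOFED_MAC)
    nc.resolve(IMPORTANT_HOST)               # later, real traffic needs it
    nc.receive_na(IMPORTANT_HOST, REAL_MAC)  # the genuine answer
    return accepted, nc.entries[IMPORTANT_HOST]

def entries_after_scan(stateless, n=1000):
    """Cache size after resolving n addresses that never answer."""
    nc = NeighborCache(stateless)
    for i in range(1, n + 1):
        nc.resolve(f"2001:db8::{i:x}")
    return len(nc.entries)

if __name__ == "__main__":
    for mode in (False, True):
        print(mode, unsolicited_na_outcome(mode), entries_after_scan(mode))
```

The model shows both sides of the trade-off in the thread: the stateless variant holds no INCOMPLETE entries during a scan, but it also has no basis for rejecting an NA it never asked for.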




