[ipv6hackers] flood_router26 video

Karl Auer kauer at biplane.com.au
Mon Nov 12 00:16:21 CET 2012

On Sun, 2012-11-11 at 17:40 +0100, Marc Heuse wrote:
> All OS with the exception of Linux (and I have not tested Solaris or
> OpenBSD but everything else) is vulnerable against this one to very
> different degrees

I'm still unsure *why* Linux seems to resist this attack. I wonder if it
is to do with the logic around the permitted number of addresses on an
interface - 16 by default.

If the logic says "for each prefix, check whether I've gone over 16, and
if so don't add an address", then we should see Linux generating up to
16 addresses on the receiving interface. This doesn't happen. If the
logic says "if this set of prefixes would take me over 16 addresses,
don't configure any addresses", then this resistant behaviour is what we
would expect. The latter logic is better anyway - for how can the
receiver know *which* of the too-many prefixes it should use?

Regards, K.

Karl Auer (kauer at biplane.com.au)

GPG fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017
Old fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687

More information about the Ipv6hackers mailing list