[ipv6hackers] an interesting DHCPv6 DoS

Tjeldnes, Terje Terje.Tjeldnes at get.no
Tue Feb 4 09:43:31 CET 2014

On 29.01.14 21:42, "Tassos Chatzithomaoglou" <achatz at forthnet.gr> wrote:

>We have seen up to 3k bindings per hour from a single CPE!
>We have informed both the CPE (TP-Link) and DHCPv6/BRAS (Cisco) vendors
>of the issue and we are hoping for a solution.
>As it seems, nobody at Cisco thought of giving the capability to limit
>the number of bindings on a DHCPv6 server based on something different
>than the DUID.

That's because the DUID is supposed to uniquely identify a client and not
ever change. A DHCPv6 server does not (and can not) account for
misconfigured or bugged clients sending requests from multiple DUIDs. The
Cisco 10K CMTSes have implemented limits for how many lease bindings
(configurable for both v4 and v6) a CPE may have so "someone" at Cisco has
thought of it, although maybe not in your particular product :-)

// Terje

More information about the Ipv6hackers mailing list