[ipv6hackers] an interesting DHCPv6 DoS
Tore Anderson
tore at fud.no
Tue Feb 4 20:42:08 CET 2014
* Mark ZZZ Smith
> One other question though, it also shouldn't be asking for a IA-NA
> unless you have the M bit (Managed Address bit) switched on in RAs.
> If you do have it switched on, it would be interesting whether
> switching it off (just leaving the O bit switched on) would stop the
> CPE asking for IA-NAs in its DHCPv6 requests.
I'm not sure this is correct. RFC 6204 implies that a router may start
DHCPv6 before having even seen an RA:
WPD-5: If the IPv6 CE router initiates DHCPv6 before receiving a
Router Advertisement, it MUST also request an IA_NA option in
DHCPv6.
While this has been taken out of RFC 7084, I see no language there that
forbids a router from requesting IA_NA before it has seen an RA with M=1.
Tore
More information about the Ipv6hackers
mailing list