NDP DoS attack

Mikael Abrahamsson swmike at swm.pp.se
Sun Jul 17 10:59:34 UTC 2011


On Sun, 17 Jul 2011, Florian Weimer wrote:

> Interesting, thnaks.  It's not the vendors I would expect, and it's not 
> based on SEND (which is not surprising at all and actually a good 
> thing).

Personally I think SEND is never going to get any traction.

> Is this actually secure in the sense that it ties addresses to specific 
> ports for both sending and receiving?  I'm asking because folks have 
> built similar systems for IPv4 which weren't.  The CLI screenshots look 
> good, better than what most folks achieve with IPv4.

As far as I know, it's designed to work securely in an ETTH scenario, 
which implies both sending and receiving (if I understood you correctly).

-- 
Mikael Abrahamsson    email: swmike at swm.pp.se




More information about the NANOG mailing list