[AusNOG] "Further Mitigating Router ND Cache Exhaustion DoS Attacks Using Solicited-Node Group Membership"

Mark Smith markzzzsmith at gmail.com
Sun Feb 28 16:21:44 EST 2016


Hi,

This is an Internet Draft I first wrote quite a while ago, and have since
recently revisited.

It covers the use of IPv6 Solicited-Node multicast groups as a method
to further mitigate a possible Denial of Service attack on the IPv6
Neighbor Cache.

One thing I've done in the recent revisions is to better cover how
Solicited-Node multicast groups are used in IPv6 neighbor discovery,
as I think this is one of the few areas where IPv6 is doing something
that hasn't been done in any other network protocols in the past, and
I also think it would be one of the lesser understood areas of IPv6. I
think some of that explanation would be of interest to people here.

As always, comments and review welcome.

Regards,
Mark.


---------- Forwarded message ----------
From:  <internet-drafts at ietf.org>
Date: 28 February 2016 at 15:54
Subject: New Version Notification for
draft-smith-v6ops-mitigate-rtr-dos-mld-slctd-node-02.txt
To: "markzzzsmith+ietf-dt at gmail.com" <markzzzsmith at gmail.com>



A new version of I-D, draft-smith-v6ops-mitigate-rtr-dos-mld-slctd-node-02.txt
has been successfully submitted by Mark Smith and posted to the
IETF repository.

Name:           draft-smith-v6ops-mitigate-rtr-dos-mld-slctd-node
Revision:       02
Title:          Further Mitigating Router ND Cache Exhaustion DoS Attacks Using Solicited-Node Group Membership
Document date:  2016-02-27
Group:          Individual Submission
Pages:          12
URL:            https://www.ietf.org/internet-drafts/draft-smith-v6ops-mitigate-rtr-dos-mld-slctd-node-02.txt
Status:         https://datatracker.ietf.org/doc/draft-smith-v6ops-mitigate-rtr-dos-mld-slctd-node/
Htmlized:       https://tools.ietf.org/html/draft-smith-v6ops-mitigate-rtr-dos-mld-slctd-node-02
Diff:           https://www.ietf.org/rfcdiff?url2=draft-smith-v6ops-mitigate-rtr-dos-mld-slctd-node-02

Abstract:
   For each of their IPv6 unicast or anycast addresses, nodes join a
   Solicited-Node multicast group, formed using the lower 24 bits of the
   address.  This Solicited-Node group membership could be used by
   routers to further mitigate a Neighbor Discovery cache Denial of
   Service attack.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
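
The idea in the abstract, as an added Python example that is not taken from the post or from the draft: derive the Solicited-Node group from an address's lower 24 bits and let a router consult group membership before creating a Neighbor Cache entry. The `LinkState` class, its method names, the prefix and the joined groups are constructed assumptions; how a real router learns membership and applies it is for the draft to specify.

```python
import ipaddress

# Solicited-Node multicast prefix ff02::1:ff00:0/104 (RFC 4291).
SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def solicited_node_group(addr):
    """Return the Solicited-Node group for a unicast or anycast address:
    the /104 prefix with the address's low-order 24 bits appended."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24)


class LinkState:
    """Hypothetical per-link view: the on-link prefix plus the set of
    Solicited-Node groups that listeners on the link have joined."""

    def __init__(self, prefix, joined_groups):
        self.prefix = ipaddress.IPv6Network(prefix)
        self.joined = {ipaddress.IPv6Address(g) for g in joined_groups}

    def should_resolve(self, dst):
        """True if it is worth creating a Neighbor Cache entry for dst.

        A destination whose Solicited-Node group has no member cannot be
        configured on any listening node, so no cache entry is created.
        """
        d = ipaddress.IPv6Address(dst)
        if d not in self.prefix:
            return False
        return solicited_node_group(d) in self.joined


# Constructed sample: two hosts on 2001:db8:0:1::/64 have joined the
# groups for their addresses ::10 and 21a:2bff:fe3c:4d5e.
LINK = LinkState(
    "2001:db8:0:1::/64",
    [solicited_node_group("2001:db8:0:1::10"),
     solicited_node_group("2001:db8:0:1:21a:2bff:fe3c:4d5e")],
)


def filter_destinations(link, dsts):
    """Keep only destinations that would be allowed a cache entry."""
    return [d for d in dsts if link.should_resolve(d)]
```

Because only 24 bits feed the group, an unused address that shares its low 24 bits with a real host (for example `2001:db8:0:1:aaaa:bbbb:ff00:10` against `::10`) still passes, so the check narrows what reaches the cache rather than replacing normal Neighbor Discovery resolution and cache limits.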

