[AusNOG] "Further Mitigating Router ND Cache Exhaustion DoS Attacks Using Solicited-Node Group Membership"
Mark Smith
markzzzsmith at gmail.com
Sun Feb 28 16:21:44 EST 2016
Hi,

This is an Internet Draft I first wrote quite a while ago, and have since
recently revisited.

It covers the use of IPv6 Solicited-Node multicast groups as a method
to further mitigate a possible Denial of Service attack on the IPv6
Neighbor Cache.

One thing I've done in the recent revisions is to better cover how
Solicited-Node multicast groups are used in IPv6 neighbor discovery,
as I think this is one of the few areas where IPv6 is doing something
that hasn't been done in any other network protocols in the past, and
I also think it would be one of the lesser understood areas of IPv6. I
think some of that explanation would be of interest to people here.

As always, comments and review welcome.

Regards,
Mark.

---------- Forwarded message ----------
From: <internet-drafts at ietf.org>
Date: 28 February 2016 at 15:54
Subject: New Version Notification for draft-smith-v6ops-mitigate-rtr-dos-mld-slctd-node-02.txt
To: "markzzzsmith+ietf-dt at gmail.com" <markzzzsmith at gmail.com>
A new version of I-D, draft-smith-v6ops-mitigate-rtr-dos-mld-slctd-node-02.txt
has been successfully submitted by Mark Smith and posted to the
IETF repository.
Name: draft-smith-v6ops-mitigate-rtr-dos-mld-slctd-node
Revision: 02
Title: Further Mitigating Router ND Cache Exhaustion DoS Attacks Using Solicited-Node Group Membership
Document date: 2016-02-27
Group: Individual Submission
Pages: 12
URL: https://www.ietf.org/internet-drafts/draft-smith-v6ops-mitigate-rtr-dos-mld-slctd-node-02.txt
Status: https://datatracker.ietf.org/doc/draft-smith-v6ops-mitigate-rtr-dos-mld-slctd-node/
Htmlized: https://tools.ietf.org/html/draft-smith-v6ops-mitigate-rtr-dos-mld-slctd-node-02
Diff: https://www.ietf.org/rfcdiff?url2=draft-smith-v6ops-mitigate-rtr-dos-mld-slctd-node-02
Abstract:
For each of their IPv6 unicast or anycast addresses, nodes join a
Solicited-Node multicast group, formed using the lower 24 bits of the
address. This Solicited-Node group membership could be used by
routers to further mitigate a Neighbor Discovery cache Denial of
Service attack.
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
The IETF Secretariat
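
Added example, not part of the original post or of the draft: a small Python model of the idea in the abstract, deriving the Solicited-Node group from the lower 24 bits of an address and comparing a neighbor cache with and without a group-membership check. The abstract does not spell out the router behaviour, so the check in `NeighborCache.resolve`, the class itself, the cache limit and all addresses are assumptions constructed for illustration.

```python
import ipaddress

# Solicited-Node prefix ff02::1:ff00:0/104 (RFC 4291); low 24 bits come from the address.
SN_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
HOSTS = ["2001:db8::a1b2:c3d4", "2001:db8::5efe:12:3456"]     # constructed sample hosts
SWEEP_START = int(ipaddress.IPv6Address("2001:db8::dead:0"))  # constructed scan range

def solicited_node(addr):
    """Solicited-Node multicast group for a unicast or anycast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(SN_BASE | low24)

class NeighborCache:
    """Toy model of a router neighbor cache (hypothetical, not a router API)."""
    def __init__(self, limit, listened_groups):
        self.limit = limit
        self.groups = set(listened_groups)  # groups with a listener on the link
        self.incomplete = set()             # entries awaiting a Neighbor Advertisement
        self.skipped = 0

    def resolve(self, dst, check_membership):
        """Return True if the cache holds (or creates) an entry for dst."""
        dst = ipaddress.IPv6Address(dst)
        if check_membership and solicited_node(dst) not in self.groups:
            self.skipped += 1               # nobody listens: no NS sent, no state kept
            return False
        if dst not in self.incomplete:
            if len(self.incomplete) >= self.limit:
                return False                # cache exhausted
            self.incomplete.add(dst)
        return True

def sweep(check_membership, probes=1000, limit=256):
    """Scan `probes` unused addresses, then try to reach a real host."""
    cache = NeighborCache(limit, {solicited_node(h) for h in HOSTS})
    for i in range(probes):
        cache.resolve(SWEEP_START + i, check_membership)
    host_ok = cache.resolve(HOSTS[0], check_membership)
    return host_ok, len(cache.incomplete), cache.skipped

if __name__ == "__main__":
    for check in (False, True):
        print("membership check:", check, "->", sweep(check))
```

The check works per group, not per address: a probe whose lower 24 bits match a group that has a listener still creates cache state, so in this model the check narrows the exposure and does not replace a cache limit.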