[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: administrivia (on avoiding injury)
Jim Bound <seamus@bit-net.com> writes:
> > Well, if there are multiple hosts on a local net who are using those
> > addresses for communications among themselves, I have some real concerns
> > about sending them messages to cease such communications. The routers
> > may not be a party to all conversations, after all.
> Just as note. The addconf spec prohibits sending rtr advs with lifetimes
> less than 2 hours for valid lifetime. This was to prevent DOS on the
> link. So the app has time to use new address that are not involved with
> multihoming for 2 hours.
Clarification: Lifetimes of less than 2 hours _in the absence of
proper authentication_ are ignored in some circumstances (e.g., a
router can't just drop the lifetime from (say) 1 day to 0 or 3 or 20
minutes). Authenticated RAs can reset the Lifetimes to any value.
This authentication step was added after it was pointed out that any
node (e.g. an intruder on a wirless link) could send out a bogus RA
telling all nodes on the link to invalidate its addresses, a rather
catastrophic result. That was deemed to large a DOS vulnerability to
leave in place.
Thomas