Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: Linux kernel handling of IPv6 temporary addresses
From: P J P <ppandit () redhat com>
Date: Mon, 21 Jan 2013 18:02:46 +0530 (IST)

+-- On Sun, 20 Jan 2013, George Kargiotakis wrote --+
| Yes and no. When flooding finishes everything still works ok,
| temp. addresses haven't been disabled, but when the preferred timer
| of the temp. address of the original acquired prefix expires, the kernel
| won't be able to acquire a new temporary address because the interface
| is already full with 16 addresses from flooding. An already acquired
| address only gets removed when it's validity timer expires. So, the
| host will be left using the global non-temp address acquired by slaac
| until another 'slot' (from the default 16) becomes free/expires.
| 
| Summarizing, one is still able to remotely, inside a LAN, cause
| problems to another host, that is make it lose it's temp. address
| functionality at least for some time.

  Ah right. I just wanted to confirm if it makes sense to push that patch 
upstream. I think we'll defer it for now.

Thanks so much.
--
Prasad J Pandit / Red Hat Security Response Team
DB7A 84C5 D3F9 7CD1 B5EB  C939 D048 7860 3655 602B


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]