nanog mailing list archives
Re: IPv6, IPSEC and DoS
From: Iljitsch van Beijnum <iljitsch () muada com>
Date: Sun, 2 Jan 2005 11:26:09 +0100
On 2-jan-05, at 4:07, Valdis.Kletnieks () vt edu wrote:
No, that list is just a starting point for the discussion. A lot of stuff in the list doesn't amount to anything. (For instance, there is no ARP in IPv6.)
Yeah, ARP is basically one machine yelling "Who has this IP?" and anotherone answering "ME!! ME!!". In IPv6, there's something called "NeighborDiscovery" where one machine yells "Who has this address?" and another oneyells back "ME!! ME!!". Totally different things :)
The base functionality is obviously the same. It's implemented quite differently, though.
(Note that they both do the exact same thing to make sure the correct machine is yelling "ME!! ME!!"....)
Really? So ARP uses SEND? ( http://www.ietf.org/html.charters/OLD/send-charter.html )
(Although living in a hostile subnet isn't something I would recommend in the first place. Being on the same link opens way too many additional attack vectors.)
Current thread:
- IPv6, IPSEC and DoS J. Oquendo (Dec 31)
- Re: IPv6, IPSEC and DoS Christopher L. Morrow (Dec 31)
- Re: IPv6, IPSEC and DoS Iljitsch van Beijnum (Jan 01)
- Re: IPv6, IPSEC and DoS Rob Thomas (Jan 01)
- Re: IPv6, IPSEC and DoS Iljitsch van Beijnum (Jan 02)
- Re: IPv6, IPSEC and DoS Valdis . Kletnieks (Jan 01)
- Re: IPv6, IPSEC and DoS Iljitsch van Beijnum (Jan 02)
- Re: IPv6, IPSEC and DoS Valdis . Kletnieks (Jan 02)
- Re: IPv6, IPSEC and DoS Rob Thomas (Jan 01)
- <Possible follow-ups>
- Re: IPv6, IPSEC and DoS J. Oquendo (Jan 03)
- Re: IPv6, IPSEC and DoS Iljitsch van Beijnum (Jan 03)
- Re: IPv6, IPSEC and DoS David Barak (Jan 03)
- Re: IPv6, IPSEC and DoS Joe Abley (Jan 03)
- Re: IPv6, IPSEC and DoS David Barak (Jan 03)
- Re: IPv6, IPSEC and DoS Christopher L. Morrow (Jan 03)
- Re: IPv6, IPSEC and DoS Sean Donelan (Jan 03)
- Re: IPv6, IPSEC and DoS Todd Vierling (Jan 03)
- Re: IPv6, IPSEC and DoS Iljitsch van Beijnum (Jan 03)