| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 7 May 2011 16:21:32 +0200 (CEST) From: Mikael Abrahamsson <swmike@....pp.se> To: Gervais Arthur <arthur.gervais@...a-lyon.fr> cc: Eric Dumazet <eric.dumazet@...il.com>, Jan Ceuleers <jan.ceuleers@...puter.org>, netdev@...r.kernel.org Subject: Re: Fwd: PROBLEM: IPv6 Duplicate Address Detection with non RFC-conform ICMPv6 packets On Sat, 7 May 2011, Gervais Arthur wrote: > If the network administrator is using some IDS like NDPMon > (http://ndpmon.sourceforge.net/) to detect a DAD DoS attacks, and the > attacker changes the MAC address like I described, it will not detect > the DAD DoS attack anymore (because the victim itself claims already > having the IPv6 address). If the network admin allows anyone to source any packet then they're already screwed. Networks need IETF SAVI-WG functionality to secure their network, if spoofing is allowed it's already too late. The earlier network admins realise this and stop just trying to monitor the problem, the better. -- Mikael Abrahamsson email: swmike@....pp.se -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists