| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200423.122953.620712677247198855.davem@davemloft.net> Date: Thu, 23 Apr 2020 12:29:53 -0700 (PDT) From: David Miller <davem@...emloft.net> To: fgont@...networks.com Cc: netdev@...r.kernel.org Subject: Re: [PATCH net-next] ipv6: Honor all IPv6 PIO Valid Lifetime values From: Fernando Gont <fgont@...networks.com> Date: Sun, 19 Apr 2020 09:24:57 -0300 > RFC4862 5.5.3 e) prevents received Router Advertisements from reducing > the Valid Lifetime of configured addresses to less than two hours, thus > preventing hosts from reacting to the information provided by a router > that has positive knowledge that a prefix has become invalid. > > This patch makes hosts honor all Valid Lifetime values, as per > draft-gont-6man-slaac-renum-06, Section 4.2. This is meant to help > mitigate the problem discussed in draft-ietf-v6ops-slaac-renum. > > Note: Attacks aiming at disabling an advertised prefix via a Valid > Lifetime of 0 are not really more harmful than other attacks > that can be performed via forged RA messages, such as those > aiming at completely disabling a next-hop router via an RA that > advertises a Router Lifetime of 0, or performing a Denial of > Service (DoS) attack by advertising illegitimate prefixes via > forged PIOs. In scenarios where RA-based attacks are of concern, > proper mitigations such as RA-Guard [RFC6105] [RFC7113] should > be implemented. > > Signed-off-by: Fernando Gont <fgont@...networks.com> Applied, thank you.
Powered by blists - more mailing lists