= Сообщение: 5273 из 7402 ============================================= IPV6 = От : Markus Reschke 2:240/1661 19 Mar 18 14:53:00 Кому : Janne Johansson 19 Mar 18 14:53:00 Тема : OpenBSD and SLAAC FGHI : area://IPV6?msgid=2:240/1661+5aa9647d На : area://IPV6?msgid=2:221/6+5aaf6de2 = Кодировка сообщения определена как: LATIN1 ================================= Ответ: area://IPV6?msgid=2:221/6+5aafe95c ============================================================================== Hello Janne!
Mar 19 09:59 2018, Janne Johansson wrote to Michiel van der Vlist:
JJ> I think there was some ndp exhaustion attack where you were advised JJ> to use something like /120 for link nets (not using SLAAC there of JJ> course) in order for routers to not have to keep huge NDP tables for JJ> that link, so in that sense most software should be able to think in JJ> smaller than /64 nets and now, also for dynamic client configuration JJ> on obsd.
The ND exhaustion attack would be only possible for a directly connected network, e.g. a LAN. A xfer network for a link between routers isn't affected because ND should only accept local packets. Anyway, there are several solutions to limit/mitigate the problem for a LAN router.
