A New Internet-Draft is available from the on-line Internet-Drafts directories. Title : Mitigating IPv6 Router Neighbor Cache DoS Using Stateless Neighbor Discovery Author(s) : Mark Smith Filename : draft-smith-6man-mitigate-nd-cache-dos-slnd-00.txt Pages : 9 Date : 2012-10-06 Abstract: The IPv6 neighbor discovery cache is vulernable to a Denial of Service attack that purposely exhausts the state used during the neighbor discovery address resolution process. This can be very disruptive when a router is successfully attacked. This memo proposes a stateless form of neighbor discovery to be used by routers to eliminate the opportunity for this DoS attack. This method of stateless neighbor discovery would be used for unknown or untrusted packet sources, when the router's neighbor cache's state capacity reaches a medium to high threshold of use. Trusted packet sources would continue to be provided with traditional stateful neighbor discovery. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-smith-6man-mitigate-nd-cache-dos-slnd There's also a htmlized version available at: http://tools.ietf.org/html/draft-smith-6man-mitigate-nd-cache-dos-slnd-00 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ _______________________________________________ I-D-Announce mailing list I-D-Announce@ietf.org https://www.ietf.org/mailman/listinfo/i-d-announce Internet-Draft directories: http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
