Vasilenko Eduard wrote:
About ARP storm:
For the accurate history, ARP storm was a problem about 30 or 35 years ago, when some network managers were putting *thousands* of hosts in a single broadcast domain. Then, as switch implementations were too often buggy, broadcast storm was a rare but serious problem for the managers, and it was sometimes called ARP storm because ARP is the major protocol to use broadcast. Though IP people at that time were happy with small subnets divided by routers following the CATENET model, the reasoning to have a large broadcast domain was that managing routers to support multiple L3 protocols is painful, which is still so for management of routers supporting both IPv4 and IPv6. IIRC, Brian was such a manager. But, as IPv4 became the only protocol worth supporting, Ethernet broadcast domains became small, divided by IPv4-only routers, and switch implementations became not so buggy, so ARP storm is not a problem today at all.
> ND has much bigger DoS capabilities because
Though many people who insist on IPv6 totally misunderstand, the broadcast ban by IPv6 is totally meaningless, as requiring support for all-host multicast instead of broadcast is as bad (it is actually not bad) as supporting broadcast. Though I have found that, these days, some people say "ARP storm" means that some compromised host generates a lot of broadcast ARP packets, it is no worse than the host generating a lot of all-host-multicast ND packets. As such, ND is no better than ARP.

Masataka Ohta