Subj : OpenBSD and SLAAC
To   : Janne Johansson
From : Markus Reschke
Date : Mon Mar 19 2018 14:53:00

Hello Janne!

Mar 19 09:59 2018, Janne Johansson wrote to Michiel van der Vlist:

 JJ> I think there was some ndp exhaustion attack where you were advised 
 JJ> to use something like /120 for link nets (not using SLAAC there of 
 JJ> course) in order for routers to not have to keep huge NDP tables for 
 JJ> that link, so in that sense most software should be able to think in 
 JJ> smaller than /64 nets and now, also for dynamic client configuration 
 JJ> on obsd.

The ND exhaustion attack would be only possible for a directly connected network, e.g. a LAN. A xfer network for a link between routers isn't affected because ND should only accept local packets. Anyway, there are several solutions to limit/mitigate the problem for a LAN router.

ciao,
Markus

--- 
 * Origin: *** theca tabellaria *** (2:240/1661)

.