[134497] in North American Network Operators' Group
Re: NIST IPv6 document
daemon@ATHENA.MIT.EDU (Tim Chown)
Thu Jan 6 10:26:07 2011
From: Tim Chown <tjc@ecs.soton.ac.uk>
In-Reply-To: <201101061010.23043.lowen@pari.edu>
Date: Thu, 6 Jan 2011 15:23:30 +0000
To: nanog@nanog.org
X-ECS-MailScanner-From: tjc@ecs.soton.ac.uk
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 6 Jan 2011, at 15:10, Lamar Owen wrote:
>
> Ok, perhaps I'm dense, but why is the router going to try to find a host that it already doesn't know based on an unsolicited outside packet? Why is the router trusting the outside's idea of what addresses are active, and why isn't the router dropping packets on the floor destined to hosts on one of its interfaces' local subnets that it doesn't already know about?
>
> If the packet is a response to a request from the host, then the router should have seen the outgoing packet (or, in the case of HSRP-teamed routers, all the routers in the standby group should be keeping track of all hosts, etc) and it should already be in the neighbor table.

There's some interesting discussion around this point in RFC6018, which discusses the use of greynet monitoring in sparsely populated IPv6 subnets. This approach may be one method to help detect and/or mitigate such attacks.

Tim
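The two ideas in this exchange, a router policy that only forwards to on-link addresses it already knows (Lamar's suggestion) and greynet-style monitoring of the unused address space in a sparse subnet (Tim's pointer to RFC 6018), can be sketched together. The following is an added illustration written for this archive page; it is not code from the thread, from NIST, or from RFC 6018. The prefix, the neighbor table, the traffic sample and the threshold are all constructed, and the policy names (`forward`, `greynet-hit`, `not-on-link`) are hypothetical labels, not anything a real router exposes.

```python
"""
Sketch of neighbor-cache protection on a sparse IPv6 subnet (added example).

Two defensive ideas from the thread, in toy form:
  1. classify_inbound(): only forward to on-link destinations already present
     in the neighbor table; anything else on the subnet is a "greynet hit"
     that is logged instead of triggering neighbor resolution.
  2. detect_probers(): greynet monitoring in the spirit of RFC 6018, flagging
     a source that touches many distinct unused addresses.
All addresses below are constructed documentation-prefix values.
"""
import ipaddress
from collections import defaultdict

# Constructed /64 using the 2001:db8::/32 documentation prefix.
SUBNET = ipaddress.ip_network("2001:db8:1::/64")

# Constructed neighbor table: the only hosts the router currently knows are live.
KNOWN_NEIGHBORS = {
    ipaddress.ip_address("2001:db8:1::10"),
    ipaddress.ip_address("2001:db8:1::11"),
    ipaddress.ip_address("2001:db8:1::1:1"),
}


def classify_inbound(dst, known=KNOWN_NEIGHBORS, subnet=SUBNET):
    """Decide what to do with an inbound packet addressed to `dst`.

    Returns one of three hypothetical policy labels:
      "not-on-link"  - not our subnet, handled by normal routing (ignored here)
      "forward"      - destination already in the neighbor table
      "greynet-hit"  - on-link but unknown: do not start neighbor resolution,
                       just record it for the monitor
    """
    addr = ipaddress.ip_address(dst)
    if addr not in subnet:
        return "not-on-link"
    if addr in known:
        return "forward"
    return "greynet-hit"


def pending_resolutions(packets, known=KNOWN_NEIGHBORS, subnet=SUBNET):
    """How many neighbor-cache entries a naive router would create.

    Naive behaviour: every distinct unknown on-link destination starts a
    Neighbor Solicitation and occupies an INCOMPLETE cache slot. This is the
    resource the thread is worried about; under classify_inbound() the same
    traffic creates zero such entries.
    """
    unknown = {
        dst for _, dst in packets
        if classify_inbound(dst, known, subnet) == "greynet-hit"
    }
    return len(unknown)


def detect_probers(packets, threshold=8, known=KNOWN_NEIGHBORS, subnet=SUBNET):
    """Greynet monitor: count distinct unused on-link addresses per source.

    `packets` is an iterable of (src, dst) strings. Returns {src: count} for
    sources that touched at least `threshold` distinct greynet addresses.
    A legitimate peer occasionally hits a stale address; a sweep of the
    unused space does not look like that.
    """
    hits = defaultdict(set)
    for src, dst in packets:
        if classify_inbound(dst, known, subnet) == "greynet-hit":
            hits[src].add(dst)
    return {src: len(addrs) for src, addrs in hits.items() if len(addrs) >= threshold}


# Constructed sample traffic: one ordinary peer talking to known hosts (plus a
# single stale address), and one source walking sixteen unused addresses.
ORDINARY_PEER = "2001:db8:ffff::5"
SWEEPING_SRC = "2001:db8:2::1"
SAMPLE_PACKETS = (
    [(ORDINARY_PEER, "2001:db8:1::10")] * 3
    + [(ORDINARY_PEER, "2001:db8:1::11")]
    + [(ORDINARY_PEER, "2001:db8:1::12")]          # stale/unknown, one hit only
    + [(SWEEPING_SRC, f"2001:db8:1::{i:x}") for i in range(0x20, 0x30)]
)

if __name__ == "__main__":
    print("naive INCOMPLETE entries:", pending_resolutions(SAMPLE_PACKETS))
    print("flagged sources:", detect_probers(SAMPLE_PACKETS))
```

The point of separating the two functions is that the policy and the monitor are independent controls: a router that refuses to resolve unknown on-link destinations already avoids filling its cache, and the greynet counter gives the operator a signal about who is walking the unused space even when the policy has quietly absorbed the traffic.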