[142880] in North American Network Operators' Group
Re: NDP DoS attack
daemon@ATHENA.MIT.EDU (Florian Weimer)
Sun Jul 17 06:48:25 2011
From: Florian Weimer <fw@deneb.enyo.de>
To: Mikael Abrahamsson <swmike@swm.pp.se>
Date: Sun, 17 Jul 2011 12:47:48 +0200
In-Reply-To: <alpine.DEB.2.00.1107171222060.20159@uplift.swm.pp.se> (Mikael
Abrahamsson's message of "Sun, 17 Jul 2011 12:31:25 +0200 (CEST)")
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
* Mikael Abrahamsson:
> On Sun, 17 Jul 2011, Florian Weimer wrote:
>
>> Others use tunnels, PPPoE or lots of scripting, so certainly
>> something can be done about it. To my knowledge, SAVI SEND is still
>> at a similar stage. Pointers to vendor documentation would be
>> appreciated if this is not the case.
>
> <www.ietf.org/proceedings/79/slides/savi-6.pdf>
Interesting, thnaks. It's not the vendors I would expect, and it's
not based on SEND (which is not surprising at all and actually a good
thing).
Is this actually secure in the sense that it ties addresses to
specific ports for both sending and receiving? I'm asking because
folks have built similar systems for IPv4 which weren't. The CLI
screenshots look good, better than what most folks achieve with IPv4.
_____
NANOG mailing list
NANOG@nanog.org
https://mailman.nanog.org/mailman/listinfo/nanog
