NIST IPv6 document
On 1/5/2011 11:19 AM, Jeff Wheeler wrote:
> IPv6) I can scan your v6 /64 subnet, and your router will have to send
> out NDP NS for every host I scan. If it requires "incomplete" entries
> in its table, I will use them all up, and NDP learning will be broken.
> Typically, this breaks not just on that interface, but on the entire
> router. This is much worse than the v4/ARP situation.
>
I haven't checked of late for v6, but I'd expect the same NDP security
we have for ARP these days, which reduces the need to even send
unsolicited ND requests.
In this day and age, sending unsolicited neighbor requests from a router
seems terribly broken. Even with SLAAC, one could quickly design a model
that doesn't require unsolicited ND from the router to find the remote
computer. This could possibly utilize DAD checks or even await the first
packet from the node (similar to how we fill our MAC forwarding tables
in switches, and not all switches will broadcast when a MAC is unknown).
Jack
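
Added example, not part of the original messages: a toy Python model of the neighbor-cache behaviour discussed in this thread, comparing an unbounded INCOMPLETE pool, a per-interface cap on INCOMPLETE entries, and that cap combined with learning neighbors from host-sourced traffic (DAD or first packet). The class, the table size, the cap value and the 2001:db8::/64 addresses are constructed assumptions, not any router's implementation, and entries never time out in the model.

```python
import ipaddress

class NeighborCache:
    """Toy router neighbor cache; entries never time out in this model."""

    def __init__(self, capacity, incomplete_cap=None, passive=False):
        self.capacity = capacity
        self.incomplete_cap = incomplete_cap  # None: INCOMPLETE may fill the table
        self.passive = passive                # learn from host-sourced traffic
        self.state = {}                       # address -> "INCOMPLETE" | "REACHABLE"
        self.incomplete = 0

    def host_seen(self, addr):
        """Host sourced a DAD NS or its first packet on the link."""
        if not self.passive:
            return
        if addr not in self.state and len(self.state) >= self.capacity:
            return
        if self.state.get(addr) == "INCOMPLETE":
            self.incomplete -= 1
        self.state[addr] = "REACHABLE"

    def forward_to(self, addr, host_exists):
        """Packet for addr arrives from off-link; True if it can be delivered."""
        if self.state.get(addr) == "REACHABLE":
            return True
        if addr not in self.state:
            capped = (self.incomplete_cap is not None
                      and self.incomplete >= self.incomplete_cap)
            if capped or len(self.state) >= self.capacity:
                return False              # no room to start resolution
            self.state[addr] = "INCOMPLETE"
            self.incomplete += 1
        if host_exists:                   # NS answered by a real host
            self.state[addr] = "REACHABLE"
            self.incomplete -= 1
        return host_exists

def simulate(capacity, incomplete_cap, passive, probes=5000, hosts=20):
    base = int(ipaddress.IPv6Address("2001:db8::"))  # constructed doc prefix
    cache = NeighborCache(capacity, incomplete_cap, passive)
    real = [ipaddress.IPv6Address(base + i) for i in range(1, hosts + 1)]
    for h in real:
        cache.host_seen(h)
    for i in range(probes):               # probes to addresses with no host
        cache.forward_to(ipaddress.IPv6Address(base + 0x10000 + i), False)
    delivered = sum(cache.forward_to(h, True) for h in real)
    return delivered, cache.incomplete
```

In this model the cap alone keeps the table from filling but still blocks new resolutions on the probed interface; only the variant that also learns from host-sourced traffic keeps all 20 real hosts deliverable.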