Re: [v6ops] SLAAC renum: Problem Statement & Operational workarounds

Owen DeLong <> Thu, 31 October 2019 23:18 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 553AA12086F for <>; Thu, 31 Oct 2019 16:18:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.998
X-Spam-Status: No, score=-6.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id boAwbRBKTHWd for <>; Thu, 31 Oct 2019 16:17:57 -0700 (PDT)
Received: from ( [IPv6:2620:0:930::200:2]) by (Postfix) with ESMTP id B840412026E for <>; Thu, 31 Oct 2019 16:17:57 -0700 (PDT)
Received: from [] ([]) (authenticated bits=0) by (8.15.2/8.15.2) with ESMTPSA id x9VJsmgM029622 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 31 Oct 2019 12:54:48 -0700
DKIM-Filter: OpenDKIM Filter v2.11.0 x9VJsmgM029622
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=mail; t=1572551689; bh=ioaUTNQL7UgFlcxN0J6WNb59gPrqvur7We87rsCrPzw=; h=From:Subject:Date:In-Reply-To:Cc:To:References:From; b=SbdbZm00W1FnVRAGumw3dqhAZi6wCdweTJqtYQDRNbhd+ZQnIl3IFmfoHvGaHddgH PY9Dwef/3ghM9Nh6IWPhBCOJWtqFOvyIMQTQEAVzIRdS2nUggmv9FWJ+ECa3V10qIv 8csNHmcfqqVlP9tN/QPiwBShx1Jm/Umd+SkPwuJ8=
From: Owen DeLong <>
Message-Id: <>
Content-Type: multipart/alternative; boundary="Apple-Mail=_E7484BCD-E5A5-44AB-AEC8-03451C724F5C"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\))
Date: Thu, 31 Oct 2019 12:54:47 -0700
In-Reply-To: <>
Cc: Fernando Gont <>,
To: Ted Lemon <>
References: <> <> <> <> <> <>
X-Mailer: Apple Mail (2.3445.104.8)
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.2 ( []); Thu, 31 Oct 2019 12:54:49 -0700 (PDT)
Archived-At: <>
Subject: Re: [v6ops] SLAAC renum: Problem Statement & Operational workarounds
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 31 Oct 2019 23:18:11 -0000

> On Oct 31, 2019, at 12:47 PM, Ted Lemon <> wrote:
> On Oct 31, 2019, at 3:41 PM, Fernando Gont < <>> wrote:
>> As someone that has played a lot with ND-based DoS vectors, I should say
>> that you trust RAs, or you don't. If you do, all bets are off. ("sudo
>> apt-get install ipv6toolkit;man ra6" and you'll get examples of a bunch
>> of other DoS attacks that an attacker can perform).
> As an end user, I don’t have this experience.   If someone is spamming my network with RAs, I can find out who and disconnect them.   A DoS attack based on massive quantities of RAs is a lot different than an attack that shuts my network off with one multicast. 

There are a variety of attacks in Fernando’s documentation which do not require large numbers of Gas.

A few multicast RAs well timed can, for example, change everyone’s default gateway for MITM games.

Another thing you often seem to miss, Ted, is that not everyone’s environment is necessarily similar to yours.

When developing I-Ds and RFCs, care must be taken to consider that the internet is an extremely diverse set of networks in an even more diverse set of environments.