Date: Mon, 21 Jan 2013 18:02:46 +0530 (IST) From: P J P <ppandit@...hat.com> To: oss-security@...ts.openwall.com cc: kargig@...d.gr Subject: Re: Linux kernel handling of IPv6 temporary addresses +-- On Sun, 20 Jan 2013, George Kargiotakis wrote --+ | Yes and no. When flooding finishes everything still works ok, | temp. addresses haven't been disabled, but when the preferred timer | of the temp. address of the original acquired prefix expires, the kernel | won't be able to acquire a new temporary address because the interface | is already full with 16 addresses from flooding. An already acquired | address only gets removed when it's validity timer expires. So, the | host will be left using the global non-temp address acquired by slaac | until another 'slot' (from the default 16) becomes free/expires. | | Summarizing, one is still able to remotely, inside a LAN, cause | problems to another host, that is make it lose it's temp. address | functionality at least for some time. Ah right. I just wanted to confirm if it makes sense to push that patch upstream. I think we'll defer it for now. Thanks so much. -- Prasad J Pandit / Red Hat Security Response Team DB7A 84C5 D3F9 7CD1 B5EB C939 D048 7860 3655 602B
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ