Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 21 Jan 2013 18:02:46 +0530 (IST)
From: P J P <ppandit@...hat.com>
To: oss-security@...ts.openwall.com
cc: kargig@...d.gr
Subject: Re: Linux kernel handling of IPv6 temporary
 addresses

+-- On Sun, 20 Jan 2013, George Kargiotakis wrote --+
| Yes and no. When flooding finishes everything still works ok,
| temp. addresses haven't been disabled, but when the preferred timer
| of the temp. address of the original acquired prefix expires, the kernel
| won't be able to acquire a new temporary address because the interface
| is already full with 16 addresses from flooding. An already acquired
| address only gets removed when it's validity timer expires. So, the
| host will be left using the global non-temp address acquired by slaac
| until another 'slot' (from the default 16) becomes free/expires.
| 
| Summarizing, one is still able to remotely, inside a LAN, cause
| problems to another host, that is make it lose it's temp. address
| functionality at least for some time.

  Ah right. I just wanted to confirm if it makes sense to push that patch 
upstream. I think we'll defer it for now.

Thanks so much.
--
Prasad J Pandit / Red Hat Security Response Team
DB7A 84C5 D3F9 7CD1 B5EB  C939 D048 7860 3655 602B

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.