RFC3756:https://tools.ietf.org/html/rfc3756#page-11
简介:
IPv6 Neighbor Discovery (ND) Trust Models and Threats
4.1.3. Duplicate Address Detection DoS Attack
In networks where the entering hosts obtain their addresses using
stateless address autoconfiguration [3], an attacking node could
launch a DoS attack by responding to every duplicate address
detection attempt made by an entering host. If the attacker claims
the address, then the host will never be able to obtain an address.
The attacker can claim the address in two ways: it can either reply
with an NS, simulating that it is performing DAD, too, or it can
reply with an NA, simulating that it has already taken the address
into use. This threat was identified in RFC 2462 [3]. The issue may
also be present when other types of address configuration is used,
i.e., whene