[LAC-TF] Fwd: [ipv6hackers] an interesting DHCPv6 DoS
fgont at si6networks.com
Tue Feb 4 05:38:55 BRST 2014
-------- Original Message --------
Subject: [ipv6hackers] an interesting DHCPv6 DoS
Date: Wed, 29 Jan 2014 22:42:15 +0200
From: Tassos Chatzithomaoglou <achatz at forthnet.gr>
Reply-To: IPv6 Hackers Mailing List <ipv6hackers at lists.si6networks.com>
To: ipv6hackers at lists.si6networks.com
Each DHCPv6 binding includes a different prefix due to the different
DUID, but the client is always the same.
The issue is triggered by the CPE asking for IA-NA & IA-PD, while only
IA-PD is available.
Although the DHCPv6 server answers with NOADDRS-AVAIL to the IA-NA, the
CPE thinks it is smarter and asks again for IA-NA using a new DUID...and
it continues doing so for many hours, until all its DUIDs are
exhausted...or all the DHCPv6-PD prefixes are exhausted.
We have seen up to 3k bindings per hour from a single CPE!
We have informed both the CPE (TP-Link) and DHCPv6/BRAS (Cisco) vendors
of the issue and we are hoping for a solution.
As it seems, nobody at Cisco thought of giving the capability to limit
the number of bindings on a DHCPv6 server based on something different
than the DUID.
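As an added illustration (not code from the list post, nor from TP-Link or Cisco), the following Python models the failure mode described above and the mitigation the author says is missing: a toy DHCPv6-PD server that answers IA_NA with NoAddrsAvail, delegates prefixes for IA_PD, and caps the number of bindings per subscriber key (assumed here to be something stable such as the relay Interface-Id or the client's link-layer address) rather than per DUID. It also includes a small detector that counts distinct DUIDs per client MAC per hour over constructed log lines. The subscriber key, the cap of 4, the churn threshold of 10 and the log line format are assumptions chosen for the example, not values from the message or from any vendor's product.

```python
import ipaddress
import re
from collections import defaultdict

# Hypothetical policy values (not from the message): cap per subscriber and
# the number of distinct DUIDs per client per hour that counts as churn.
MAX_BINDINGS_PER_SUBSCRIBER = 4
DUID_CHURN_THRESHOLD = 10


class PDServer:
    """Toy DHCPv6-PD server: it has no IA_NA pool, delegates prefixes for
    IA_PD, and caps bindings per subscriber key (e.g. relay Interface-Id or
    client link-layer address) instead of per DUID, so a client that rotates
    DUIDs cannot drain the prefix pool."""

    def __init__(self, pool, plen=56, limit=MAX_BINDINGS_PER_SUBSCRIBER):
        self.free = list(ipaddress.ip_network(pool).subnets(new_prefix=plen))
        self.limit = limit
        self.bindings = {}                     # duid -> delegated prefix
        self.by_subscriber = defaultdict(set)  # subscriber key -> DUIDs holding a binding

    def handle_request(self, duid, subscriber, wants_iana, wants_iapd):
        """Return the status the reply carries for each requested IA."""
        reply = {}
        if wants_iana:
            reply["IA_NA"] = "NoAddrsAvail"    # this server hands out no addresses
        if wants_iapd:
            if duid in self.bindings:          # renewal from an already-known DUID
                reply["IA_PD"] = str(self.bindings[duid])
            elif len(self.by_subscriber[subscriber]) >= self.limit or not self.free:
                reply["IA_PD"] = "NoPrefixAvail"  # subscriber cap hit (any DUID) or pool empty
            else:
                prefix = self.free.pop(0)
                self.bindings[duid] = prefix
                self.by_subscriber[subscriber].add(duid)
                reply["IA_PD"] = str(prefix)
        return reply


def simulate_churning_cpe(attempts, limit):
    """One CPE on one subscriber line asks for IA_NA + IA_PD, gets NoAddrsAvail
    for IA_NA and retries with a fresh DUID every time. Returns how many /56
    prefixes it ends up holding. limit=None disables the per-subscriber cap."""
    server = PDServer("2001:db8::/48", plen=56,
                      limit=limit if limit is not None else 1 << 30)
    line = "bras1/gi0/1:100"                   # constructed subscriber key
    for i in range(attempts):
        duid = f"00:03:00:01:aa:bb:cc:dd:ee:{i:02x}"   # constructed DUID, new each retry
        server.handle_request(duid, subscriber=line, wants_iana=True, wants_iapd=True)
    return len(server.by_subscriber[line])


# Assumed log format (constructed for this example): one line per new binding.
LOG_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) .*?duid=(?P<duid>\S+) .*?mac=(?P<mac>\S+)"
)


def duid_churn_by_mac(log_lines, threshold=DUID_CHURN_THRESHOLD):
    """Count distinct DUIDs per (client MAC, hour bucket) in binding log lines
    and return the pairs that reach the threshold, i.e. clients whose DUID
    changes far more often than a normal CPE's would."""
    seen = defaultdict(set)
    for line in log_lines:
        m = LOG_LINE.search(line)
        if not m or " bind " not in line:
            continue
        hour = m.group("ts")[:13]              # YYYY-MM-DDTHH
        seen[(m.group("mac"), hour)].add(m.group("duid"))
    return {k: len(v) for k, v in seen.items() if len(v) >= threshold}


# Constructed sample log: one client rotating its DUID 12 times in an hour,
# one well-behaved client renewing under a single DUID.
SAMPLE_LOG = [
    f"2014-01-29T21:{i % 60:02d}:{i % 7:02d} dhcpv6: bind "
    f"duid=00:03:00:01:aa:bb:cc:dd:ee:{i:02x} mac=aa:bb:cc:dd:ee:ff "
    f"prefix=2001:db8:0:{i:02x}00::/56"
    for i in range(12)
] + [
    "2014-01-29T21:05:00 dhcpv6: bind duid=00:03:00:01:11:22:33:44:55:66 "
    "mac=11:22:33:44:55:66 prefix=2001:db8:0:fe00::/56",
    "2014-01-29T21:06:00 dhcpv6: bind duid=00:03:00:01:11:22:33:44:55:66 "
    "mac=11:22:33:44:55:66 prefix=2001:db8:0:fe00::/56",
]

if __name__ == "__main__":
    print("prefixes held by one CPE, no cap:", simulate_churning_cpe(50, limit=None))
    print("prefixes held by one CPE, capped:", simulate_churning_cpe(50, limit=MAX_BINDINGS_PER_SUBSCRIBER))
    print("clients churning DUIDs:", duid_churn_by_mac(SAMPLE_LOG))
```

Without the cap, every retry with a new DUID consumes another /56 until the pool is empty; with the cap, the same client holds at most four bindings no matter how many DUIDs it presents, and the IA_NA part of each reply is still NoAddrsAvail. The detector is deliberately keyed on the MAC rather than the DUID, since the DUID is exactly the field the misbehaving client keeps changing.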