On 2018-03-19 14:53, Markus Reschke : Janne Johansson wrote:   
   > Hello Janne!   
      
   > The ND exhaustion attack would be only possible for a directly connected   
   > network, e.g. a LAN. A xfer network for a link between routers isn't   
   > affected because ND should only accept local packets. Anyway, there are   
   > several solutions to limit/mitigate the problem for a LAN router.   
      
   In the examples I saw, they just nmap'ed the range of a link network   
   and caused issues on routers when it's ndp/arp cache got filled with   
   tons of entries waiting to see if they could be resolved (which they   
   couldn't since no entity was there) and where you as an attacker could   
   figure out which network to attack just using traceroutes.   
      
   In that case, moving to a /120 (ie like a /24 in IPv4 terms) meant there   
   could be at most 256 entries to scan on that interface and it would   
   easily be accomodated in the router neighbor caches while still having   
   lots of room for whatever you need on that link.   
      
   ---   
    * Origin: nntp://news.fidonet.fi - Lake Ylo - Finland (2:221/6)