Re: Limit the number of Router Advertisements processed on an interface

From Dheeraj Kandula <dkandula@gmail.com>
Newsgroups linux.debian.maint.ipv6
Subject Re: Limit the number of Router Advertisements processed on an interface
Date 2022-07-11 22:00 +0200
Message-ID <EI7Jv-aHmo-15@gated-at.bofh.it> (permalink)
References <EyCbT-4Zr0-3@gated-at.bofh.it> <EyDrj-5073-11@gated-at.bofh.it> <EyE41-50yV-13@gated-at.bofh.it>
Organization linux.* mail to news gateway

Does a Linux machine know that a Router Advertisement didn't come from a
default router?

I tried to send 2 RA packets using Scapy with the destination as ff02::1.
One packet I sent using the source address of the default router, while the
other using a lower LLA.

The default routes were not generated. How did Linux figure it out? Is
there a way to know the errors that were hit? I don't know where the
"ND_PRINTK" outputs go for the function "ndisc_router_discovery". How do I
enable tracing for ND prints? I looked into "dmesg" but there were no logs
there.


Dheeraj

On Wed, Jun 15, 2022 at 12:27 PM Dheeraj Kandula <dkandula@gmail.com> wrote:

> Thanks Marc.  This is a requirement.
>
> Thus I will conclude that the kernel doesn't limit the number of RAs. I
> have to figure out a way to do this from user space.
>
> Dheeraj
>
> On Wed, Jun 15, 2022 at 11:49 AM Marc Haber <mh+debian-ipv6@zugschlus.de>
> wrote:
>
>> On Wed, Jun 15, 2022 at 10:23:18AM -0400, Dheeraj Kandula wrote:
>> > This is to avoid DoS attacks using RAs from being bombarded onto a Linux
>> > machine.
>>
>> You have malicious users on your LAN and cannot do anything against
>> them?
>>
>> (RAs are link local communication and should not pass over routers,
>> thus, RAs must originate in the local network).
>>
>> Greetings
>> Marc
>>
>> --
>>
>> -----------------------------------------------------------------------------
>> Marc Haber         | "I don't trust Computers. They | Mail address in header
>> Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
>> Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
>>
>>
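
Added example, not part of the original thread and not kernel code: a user-space sketch of the receive-side validity checks RFC 4861 section 6.1.2 lists for Router Advertisements, followed by a per-interface cap on accepted RAs of the kind the thread asks about. The function and class names, the limit values and the sample packet are constructed for illustration; the caller is assumed to supply the source address, hop limit and ICMPv6 bytes from its own capture.

```python
import ipaddress
from collections import deque

def ra_validation_errors(src: str, hop_limit: int, icmp: bytes) -> list:
    """Return the RFC 4861 section 6.1.2 checks a Router Advertisement fails.
    `icmp` starts at the ICMPv6 type byte. The checksum check is left out
    because it needs the IPv6 pseudo-header."""
    errors = []
    if not ipaddress.IPv6Address(src).is_link_local:
        errors.append("source address is not link-local")
    if hop_limit != 255:
        errors.append("hop limit is not 255")
    if len(icmp) < 16:
        errors.append("ICMPv6 length below 16 octets")
        return errors
    if icmp[0] != 134:
        errors.append("not a Router Advertisement (type 134)")
    if icmp[1] != 0:
        errors.append("ICMPv6 code is not 0")
    pos = 16  # options follow the fixed 16-octet RA header
    while pos < len(icmp):
        # option length field counts units of 8 octets and must be non-zero
        opt_len = icmp[pos + 1] * 8 if pos + 1 < len(icmp) else 0
        if opt_len == 0 or pos + opt_len > len(icmp):
            errors.append("option length zero or past end of message")
            break
        pos += opt_len
    return errors

class RaRateLimiter:
    """Sliding-window cap on RAs accepted per interface (constructed policy)."""
    def __init__(self, max_ras: int, window_s: float):
        self.max_ras, self.window_s = max_ras, window_s
        self.seen = {}  # interface name -> deque of accept timestamps

    def allow(self, ifname: str, now: float) -> bool:
        q = self.seen.setdefault(ifname, deque())
        while q and now - q[0] >= self.window_s:
            q.popleft()  # forget accepts that fell out of the window
        if len(q) >= self.max_ras:
            return False
        q.append(now)
        return True

# Constructed sample: RA header (router lifetime 1800 s) + source link-layer option
SAMPLE_RA = (bytes([134, 0, 0, 0, 64, 0, 0x07, 0x08]) + bytes(8)
             + bytes([1, 1, 0x02, 0, 0, 0, 0, 1]))
```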


Thread

Limit the number of Router Advertisements processed on an interface Dheeraj Kandula <dkandula@gmail.com> - 2022-06-15 16:30 +0200
  Re: Limit the number of Router Advertisements processed on an interface Marc Haber <mh+debian-ipv6@zugschlus.de> - 2022-06-15 17:50 +0200
    Re: Limit the number of Router Advertisements processed on an interface Dheeraj Kandula <dkandula@gmail.com> - 2022-06-15 18:30 +0200
      Re: Limit the number of Router Advertisements processed on an interface Dheeraj Kandula <dkandula@gmail.com> - 2022-07-11 22:00 +0200
  Re: Limit the number of Router Advertisements processed on an interface Michael Richardson <mcr@sandelman.ca> - 2022-06-15 18:10 +0200