base.txt | issue65.txt | |
---|---|---|
Skipping to change at page 42, line 13: | ||
the protocol counter each threat. | the protocol counter each threat. | |
9.2.1 Neighbor Solicitation/Advertisement Spoofing | 9.2.1 Neighbor Solicitation/Advertisement Spoofing | |
This threat is defined in Section 4.1.1 of [25]. The threat is that | This threat is defined in Section 4.1.1 of [25]. The threat is that | |
a spoofed message may cause a false entry in a node's Neighbor Cache. | a spoofed message may cause a false entry in a node's Neighbor Cache. | |
There are two cases: | There are two cases: | |
1. Entries made as a side effect of a Neighbor Solicitation or | 1. Entries made as a side effect of a Neighbor Solicitation or | |
Router Solicitation. A router receiving a Router Solicitation | Router Solicitation. A router receiving a Router Solicitation | |
with a firm IPv6 source address and a Target Link-Layer Address | with a Target Link-Layer Address extension and the IPv6 source | |
extension inserts an entry for the IPv6 address into its Neighbor | address not equal to the unspecified address inserts an entry for | |
Cache. Also, a node performing Duplicate Address Detection (DAD) | the IPv6 address into its Neighbor Cache. Also, a node | |
that receives a Neighbor Solicitation for the same address | performing Duplicate Address Detection (DAD) that receives a | |
regards the situation as a collision and ceases to solicit for | Neighbor Solicitation for the same address regards the situation | |
the address. | as a collision and ceases to solicit for the address. | |
In either case, SEND counters these treats by requiring the | In either case, SEND counters these treats by requiring the | |
Signature and CGA options to be present in such solicitations. | Signature and CGA options to be present in such solicitations. | |
SEND nodes can send Router Solicitation messages with a CGA | SEND nodes can send Router Solicitation messages with a CGA | |
source address and a CGA option, which the router can verify, so | source address and a CGA option, which the router can verify, so | |
the Neighbor Cache binding is correct. If a SEND node must send | the Neighbor Cache binding is correct. If a SEND node must send | |
a Router Solicitation with the unspecified address, the router | a Router Solicitation with the unspecified address, the router | |
will not update its Neighbor Cache, as per RFC 2461. | will not update its Neighbor Cache, as per RFC 2461. | |
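Review bot: In the paragraph that follows item 1, "SEND counters these treats" should read "these threats"; the typo is carried over unchanged on both sides, so this revision is a good place to fix it. In the reworded item 1, "the IPv6 source address not equal to the unspecified address" is more precise than "a firm IPv6 source address" and lines up with the later sentence about a Router Solicitation sent "with the unspecified address". The same sentence still says "Target Link-Layer Address extension" while the rest of the section speaks of "options" ("Signature and CGA options", "a CGA option"); suggest settling on one term throughout.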
End of changes. | ||
This html diff was produced by rfcdiff v0.42, available from http://www.levkowetz.com/ietf/tools/rfcdiff/ |