Reply to post: Re: I'll have a go at translating that into English

Juniper: Yes, IPv6 ping-of-death hits Junos OS, too


Re: I'll have a go at translating that into English

"ARP is only valid on a particular switch on an internal network. It is not something that an external (internet) host should be able to mess with. Turns out you can make our switches melt by messing with inbound traffic that your systems thought they had requested because our switches simply believe what the traffic says rather than checking. As a result our funky protection mechanisms run out of resources that they were never really designed for. We fucked up, soz."

For anyone that is curious, how this happens is all IPv4 traffic uses ARP. The difference, is the router is forwarding packets to the next router. ARP and packet forwarding say on a point-to-point link between two routers has only two MAC addresses. This means the MAC for one router is associated with all internet traffic and the other MAC is associated with all LAN traffic. Now, IPV6 does not use ARP, but uses Neighbor Discovery (ND) instead. ND is basicly the same principle a s ARP.

As previously stated, it needs to be set to static, or else we are screwed.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2021