Does a Linux machine know that a Router Advertisement didn't come from a default router?

I tried to send 2 RA packets using Scapy with the destination as ff02::1.
One packet I sent using the source address of the default router, while the other using a lower LLA.

The default routes were not generated. How did Linux figure it out? Is there a way to know the errors that were hit? I don't know where the "ND_PRINTK" outputs go for the function "ndisc_router_discovery". How do I enable tracing for ND prints? I looked into "dmesg" but there were no logs there.

Dheeraj

On Wed, Jun 15, 2022 at 12:27 PM Dheeraj Kandula <[email protected]> wrote:
> Thanks Marc. This is a requirement.
>
> Thus I will conclude that the kernel doesn't limit the number of RAs. I
> have to figure out a way to do this from user space.
>
> Dheeraj
>
> On Wed, Jun 15, 2022 at 11:49 AM Marc Haber <[email protected]> wrote:
>> On Wed, Jun 15, 2022 at 10:23:18AM -0400, Dheeraj Kandula wrote:
>> > This is to avoid DOS attacks using RAs from being bombarded onto a linux
>> > machine.
>>
>> You have malicious users on your LAN and cannot do anything against
>> them?
>>
>> (RAs are link local communication and should not pass over routers,
>> thus, RAs must originate in the local network).
>>
>> Greetings
>> Marc
>>
>> --
>> -----------------------------------------------------------------------------
>> Marc Haber         | "I don't trust Computers. They | Mail address in header
>> Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
>> Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)
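
As an added example that is not part of the thread and is not kernel code: the receiver-side validity checks that RFC 4861 section 6.1.2 requires for a Router Advertisement, written as a user-space function that reports which check a captured packet fails. The function names and the sample packet builder are hypothetical; the checks do not model Linux sysctls such as accept_ra or anything else specific to ndisc_router_discovery.

```python
import ipaddress
import struct

ND_ROUTER_ADVERT = 134  # ICMPv6 type of a Router Advertisement

def icmp6_checksum(src, dst, payload):
    """Internet checksum over the IPv6 pseudo-header plus the ICMPv6 message."""
    data = src + dst + struct.pack("!I3xB", len(payload), 58) + payload
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ra_problems(packet):
    """Return the RFC 4861 6.1.2 checks a raw IPv6 packet fails ([] = valid RA)."""
    if len(packet) < 40 + 16 or packet[0] >> 4 != 6:
        return ["too short for IPv6 header plus 16-byte RA"]
    next_header, hop_limit = packet[6], packet[7]
    src, dst, icmp = packet[8:24], packet[24:40], packet[40:]
    if next_header != 58 or icmp[0] != ND_ROUTER_ADVERT:
        return ["not a Router Advertisement"]
    problems = []
    if not ipaddress.IPv6Address(src).is_link_local:
        problems.append("source address is not link-local")
    if hop_limit != 255:
        problems.append("hop limit is not 255 (packet may have crossed a router)")
    if icmp[1] != 0:
        problems.append("ICMP code is not 0")
    if icmp6_checksum(src, dst, icmp) != 0:
        problems.append("bad ICMPv6 checksum")
    offset = 16  # options follow the fixed 16-byte RA header
    while offset < len(icmp):
        opt_len = icmp[offset + 1] * 8 if offset + 2 <= len(icmp) else 0
        if opt_len == 0 or offset + opt_len > len(icmp):
            problems.append("option with zero or truncated length")
            break
        offset += opt_len
    return problems

def build_ra(src, dst="ff02::1", hop_limit=255):
    """Constructed sample RA (no options, lifetime 1800 s) for exercising ra_problems()."""
    s, d = (ipaddress.IPv6Address(a).packed for a in (src, dst))
    body = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, 0, 1800, 0, 0)
    body = body[:2] + struct.pack("!H", icmp6_checksum(s, d, body)) + body[4:]
    return struct.pack("!IHBB", 6 << 28, len(body), 58, hop_limit) + s + d + body
```

Feeding it the raw bytes of a captured RA lists every failed check; an empty list means only that the packet passes these RFC checks, not that the host will install a default route from it.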