Lorenzo Colitti wrote:
> It's not the *only* option. There are large networks - O(100k) IPv6 nodes -
> that do ND monitoring for accountability, and it does work for them. Many
> devices support this via syslog, even. As you can imagine, my Android
> device gets IPv6 at work, even though it doesn't support DHCPv6. Other
> universities, too. It's obviously not your chosen or preferred mechanism,
> but it does work.
Considering that a DOS attack from a node using a lot of addresses to
effectively disable logging, SLAAC must not be used, unless maximum N,
the maximum number of addresses for a node to have, is standardized (
assuming a node is securely identified through the first hop security,
which is necessary to enforce the number of addresses used by each node).
Masataka Ohta
