IPv6 Nodes on the same link use NDP (rfc4861) to discover each other’s presence and link-layer addresses, to find routers, and to maintain reachability information about the paths to active neighbors. Both hosts and routers use NDP. Its functions include Neighbor Discovery (ND), Router Discovery (RD), Address Autoconfiguration, Address Resolution, Neighbor Unreachability Detection (NUD), Duplicate Address Detection (DAD), and Redirection.
If not secured, NDP is vulnerable to various attacks. SEND specifies security mechanisms for NDP. Unlike those in the original NDP specifications, these mechanisms do not use IPsec.
Read the rest of this entry »