Mitigating IPv6 Neighbor Discovery DoS Attack Using Stateless Neighbor Presence Discovery

Document Type Expired Internet-Draft (individual)
Last updated 2013-08-24 (latest revision 2013-02-20)
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


One of the functions of IPv6 Neighbor Discovery is to discover whether a specified neighbor is present. During the neighbor presence discovery process state is created. A node's capacity for this state can be intentionally exhausted to perform a denial of service attack, known as the "Neighbor Discovery DoS Attack". This memo proposes a stateless form of neighbor presence discovery to prevent this Neighbor Discovery DoS Attack.


Mark Smith (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)