Use IPv6 /128 instead of /64 for PPP interfaces
My reading of the diff was that it's indeed about link local, hence my question.

--
Sent from a small device. Please excuse interesting auto-correct.

17 Nov 2024 20:59:10 Fernando Gont <fgont@si6networks.com>:

> Hi,
>
> On 16/11/24 18:25, Florian Obser wrote:
>> I'm probably missing something because I've never used PPP with IPv6.
>> What does this solve? It's not like you are going to run out of space in fe80::/10 and if the PPP server is attacking your ndp table you have bigger problems...
>
> If the OP refers to link-local addresses, there's probably not much of a reason (that I know of, at least).
>
> OTOH, if he refers to a GUA (assuming he's assigning a GUA to such interfaces), then it does make sense (see https://www.rfc-editor.org/rfc/rfc6583.txt ).
>
> TLDR; a remote attacker address-scanning the associated subnet can trigger NCE (neighbor cache exhaustion).
>
> Cheers,
> --
> Fernando Gont
> SI6 Networks
> e-mail: fgont@si6networks.com
> PGP Fingerprint: F242 FF0E A804 AF81 EB10 2F07 7CA1 321D 663B B494
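
An added illustration of the distinction drawn in this thread (not code from the diff or from either poster): a simplified Python model of a router's neighbor cache, comparing a global /64, a global /128 and a link-local /64 on a point-to-point interface. The addresses come from the 2001:db8::/32 documentation prefix, and the function names, cache limit and probe list are assumptions made up for the example.

```python
import ipaddress

def nd_candidates(iface_cidr, destinations):
    """Destinations that would start address resolution (an INCOMPLETE
    neighbor cache entry) on the interface configured as iface_cidr."""
    iface = ipaddress.ip_interface(iface_cidr)
    if iface.ip.is_link_local:
        # fe80::/10 is never forwarded, so an off-link sender cannot
        # cause resolution attempts inside this prefix.
        return []
    hits = []
    for dest in destinations:
        addr = ipaddress.ip_address(dest)
        # The interface's own address is delivered locally; any other
        # address inside the on-link prefix needs neighbor discovery.
        if addr in iface.network and addr != iface.ip:
            hits.append(addr)
    return hits

def simulate(iface_cidr, destinations, cache_limit):
    """Return (entries_created, refused) for a bounded neighbor cache.
    Simplified model: no timeouts, no eviction (assumption)."""
    cache, refused = set(), 0
    for addr in nd_candidates(iface_cidr, destinations):
        if addr in cache:
            continue
        if len(cache) >= cache_limit:
            refused += 1  # cache full: new neighbors cannot be resolved
        else:
            cache.add(addr)
    return len(cache), refused

# Constructed sample traffic: 1000 sequential destinations in one /64
# taken from the documentation prefix 2001:db8::/32.
BASE = int(ipaddress.ip_address("2001:db8:0:1::"))
PROBES = [str(ipaddress.ip_address(BASE + i)) for i in range(1, 1001)]

if __name__ == "__main__":
    for cidr in ("2001:db8:0:1::1/64", "2001:db8:0:1::1/128", "fe80::1/64"):
        created, refused = simulate(cidr, PROBES, cache_limit=256)
        print(f"{cidr:24} entries={created:4} refused={refused}")
```

With the /64 the model fills all 256 slots and refuses the rest; with the /128 or the link-local prefix the same traffic creates no entries.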