router advertisements on open subnets

Mikael Abrahamsson swmike at swm.pp.se
Tue Dec 15 08:10:43 CET 2009


On Tue, 15 Dec 2009, Chris Caputo wrote:

> On an open subnet, such as a public WiFi network, what is to stop a 
> guest host from announcing IPv6 router advertisements (ICMPv6 type 134) 
> to the subnet, thus competing with the intended gateway and potentially 
> drawing traffic through/to it for analysis or blackholing?

On any type of LAN, there is nothing to stop this. The IETF has 
historically totally dropped the ball on this kind of security function to 
mitigate that problem (there is nothing to stop them doing ARP spoofing 
either), but nowadays there is the SAVI WG who are trying to standardize a 
framework both for IPv4 and v6 for vendors to implement so that this can 
be done securely.

-- 
Mikael Abrahamsson    email: swmike at swm.pp.se



More information about the ipv6-ops mailing list