router advertisements on open subnets
Mikael Abrahamsson
swmike at swm.pp.se
Tue Dec 15 08:10:43 CET 2009
On Tue, 15 Dec 2009, Chris Caputo wrote:
> On an open subnet, such as a public WiFi network, what is to stop a
> guest host from announcing IPv6 router advertisements (ICMPv6 type 134)
> to the subnet, thus competing with the intended gateway and potentially
> drawing traffic through/to it for analysis or blackholing?
On any type of LAN, there is nothing to stop this. The IETF has
historically totally dropped the ball on this kind of security function to
mitigate that problem (there is nothing to stop them doing ARP spoofing
either), but nowadays there is the SAVI WG who are trying to standardize a
framework both for IPv4 and v6 for vendors to implement so that this can
be done securely.
--
Mikael Abrahamsson email: swmike at swm.pp.se
More information about the ipv6-ops
mailing list