router advertisements on open subnets
Dale W. Carder
dwcarder at wisc.edu
Tue Dec 15 18:42:03 CET 2009
On Dec 14, 2009, at 11:31 PM, Chris Caputo wrote:
> On an open subnet, such as a public WiFi network, what is to stop a
> guest
> host from announcing IPv6 router advertisements (ICMPv6 type 134) to
> the
> subnet, thus competing with the intended gateway and potentially
> drawing
> traffic through/to it for analysis or blackholing?
If your equipment supports it, apply inbound ACL's as close to
the edge as you can. We do this for various things like dhcp,
ra, mcast groups, etc we don't want.
Dale
More information about the ipv6-ops
mailing list