router advertisements on open subnets

Dale W. Carder dwcarder at wisc.edu
Tue Dec 15 18:42:03 CET 2009


On Dec 14, 2009, at 11:31 PM, Chris Caputo wrote:
> On an open subnet, such as a public WiFi network, what is to stop a  
> guest
> host from announcing IPv6 router advertisements (ICMPv6 type 134) to  
> the
> subnet, thus competing with the intended gateway and potentially  
> drawing
> traffic through/to it for analysis or blackholing?

If your equipment supports it, apply inbound ACL's as close to
the edge as you can.  We do this for various things like dhcp,
ra, mcast groups, etc we don't want.

Dale




More information about the ipv6-ops mailing list