How to preempt rogue RAs?
tjc at ecs.soton.ac.uk
Sat Nov 27 10:51:50 CET 2010
On 27 Nov 2010, at 00:30, Fernando Gont wrote:
> On 30/10/2010 06:03 a.m., Gert Doering wrote:
>> There's are a couple of IETF drafts focusing on this problem:
>> "the problem statement" (plus ideas on mitigation, like L2 ACLs)
>> "how a switch implementation could help fixing this"
> My take is that this will fix the "accidental" rogue IPv6 router
> problem, but not the malicious router IPv6 problem.
How does RA Guard not help with the malicious rogue RA problem?
> I'm in the process of crafting some code to actually check the idea I
> have in mind... and will share afterwards.
Have you looked at ramond (on sourceforge)?
More information about the ipv6-ops