How to preempt rogue RAs?

Tore Anderson tore.anderson at redpill-linpro.com
Sun Oct 31 18:24:03 CET 2010


Hi,

* Gert Doering

> Maybe it's ICS, but not "Win 7 ICS", but Vista...

I figured out how to reproduce the problem now.  It appears to be
present in both Windows 7 and Vista, unfortunately.

You need a computer with two network interfaces, e.g. a wired and a
wireless one.  If ICS is active on the wireless interface, and you
connect to a wired network, the 6to4 prefix derived from the IPv4
address configured on the wired interface will be announced back on the
wired LAN (in addition to a /64 within fec0::/16).  The wireless
interface doesn't even have to be active - it seems to be sufficient
that ICS is enabled on any interface as long as that interface is not
the upstream one.  This is in my opinion not very well designed;
hopefully Microsoft can improve it in future patches.

When the ICS host has already become «rogue», it doesn't help to enable
native RAs on the network - the ICS host ignores them, the 6to4 adapter
is not shut down, and it continues transmitting RAs.

If it's Windows 7, it helps to reboot - if it sees the native RAs when
it starts up it doesn't activate its local 6to4 interface and it doesn't
start spamming RAs.  If it's Vista you pretty much need to disable ICS
in order to stop it from spamming RAs.

Best regards,
-- 
Tore Anderson
Redpill Linpro AS - http://www.redpill-linpro.com
Tel: +47 21 54 41 27
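
Added example, not part of the original post: a small classifier for prefixes seen in RAs on a LAN, built on the behaviour described above (a 6to4 prefix derived from the host's wired IPv4 address, plus a /64 within fec0::/16). The function names, the 192.0.2.0/24 LAN, the 2001:db8:1::/48 native prefix and the sample prefixes are assumptions constructed for illustration.

```python
import ipaddress

SIXTOFOUR = ipaddress.ip_network("2002::/16")   # 6to4 range (RFC 3056)
SITE_LOCAL = ipaddress.ip_network("fec0::/16")  # range named in the post

def embedded_ipv4(prefix):
    """Return the IPv4 address a 6to4 prefix was derived from, else None."""
    net = ipaddress.ip_network(prefix)
    if net.version != 6 or net.prefixlen < 48 or not net.subnet_of(SIXTOFOUR):
        return None
    # Bits 16..47 of a 6to4 prefix carry the IPv4 address.
    return ipaddress.IPv4Address((int(net.network_address) >> 80) & 0xFFFFFFFF)

def classify_ra(prefix, lan_v4, authorized):
    """Classify one advertised IPv6 prefix; returns (verdict, IPv4 or None)."""
    net = ipaddress.ip_network(prefix)
    if any(net.subnet_of(ipaddress.ip_network(a)) for a in authorized):
        return ("authorized", None)
    v4 = embedded_ipv4(prefix)
    if v4 is not None:
        # An embedded address inside the wired LAN's IPv4 subnet is the
        # wired-interface address of the announcing host on this LAN.
        local = v4 in ipaddress.ip_network(lan_v4)
        return ("rogue-6to4-local" if local else "rogue-6to4", v4)
    if net.subnet_of(SITE_LOCAL):
        return ("rogue-site-local", None)
    return ("unknown", None)

# Constructed sample: prefixes observed in RAs on a LAN using 192.0.2.0/24.
SAMPLE_RAS = [
    "2001:db8:1:1::/64",      # native router (authorized)
    "2002:c000:239:1::/64",   # 6to4, derived from 192.0.2.57
    "fec0:0:0:1::/64",        # /64 within fec0::/16
    "2002:c633:6407:1::/64",  # 6to4, derived from 198.51.100.7 (not on this LAN)
]

def report(lan_v4="192.0.2.0/24", authorized=("2001:db8:1::/48",)):
    """Classify every sample prefix against the assumed LAN and native prefix."""
    return [(p, *classify_ra(p, lan_v4, authorized)) for p in SAMPLE_RAS]

if __name__ == "__main__":
    for prefix, verdict, v4 in report():
        print(f"{prefix:24} {verdict:18} {v4 or '-'}")
```

The IPv4 address recovered from a "rogue-6to4-local" prefix can be looked up in DHCP leases or the ARP table to find the machine that has ICS enabled.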

