IPv6 equivalent to DHCP Option 82 for geolocating customer MACs to certain ports of Multi-port Layer 2 demarcation devices

Florian Weimer fw at deneb.enyo.de
Sun May 8 10:39:27 CEST 2011


* Mikael Abrahamsson:

> It depends on what you mean by "secure". SLAAC is inherently "host can
> take whatever address it wants as long as it's not already in use".

I'm mostly interested in IPv6 over Ethernet.  It seems to me that with
SLAAC, any host in the same broadcast domain can tell the Ethernet
layer to redirect any IPv6 traffic to it.  I would call this
"insecure".

> Inherently SLAAC is "flexible" and "easy", which usually implies "not
> secure" :P

Is there any other technology which prevents Ethernet-based attacks on
IPv6?

To my knowledge, the only thing that can be implemented in a
cross-vendor fashion is to put each host into its own broadcast
domain, but tool support for that appears to be poor.
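
The concern raised in this message, seen from the monitoring side, as an added example that is not part of the original post: a passive check that parses ICMPv6 Neighbor Advertisements and reports when an IPv6 address is claimed by a different link-layer address than the one first seen. The function names, MAC addresses and 2001:db8:: addresses are constructed for illustration; the parser assumes untagged Ethernet, no IPv6 extension headers, and does not verify the ICMPv6 checksum.

```python
import ipaddress
import struct

def build_na(src_mac, target, tlla):
    """Constructed sample frame: Ethernet + IPv6 + Neighbor Advertisement (checksum left 0)."""
    tgt = ipaddress.IPv6Address(target).packed
    icmp = struct.pack("!BBHI", 136, 0, 0, 0x20000000) + tgt + b"\x02\x01" + tlla
    ip6 = struct.pack("!IHBB", 0x60000000, len(icmp), 58, 255) + tgt
    ip6 += ipaddress.IPv6Address("ff02::1").packed
    return bytes.fromhex("333300000001") + src_mac + b"\x86\xdd" + ip6 + icmp

def parse_na(frame):
    """Return (target, ethernet_src, tlla) for a Neighbor Advertisement, else None."""
    if len(frame) < 14 + 40 + 24 or frame[12:14] != b"\x86\xdd":
        return None
    ip6, icmp = frame[14:54], frame[54:]
    # RFC 4861: NDP messages are only valid with hop limit 255 (never forwarded).
    if ip6[6] != 58 or ip6[7] != 255 or icmp[0] != 136 or icmp[1] != 0:
        return None
    target = ipaddress.IPv6Address(bytes(icmp[8:24]))
    tlla, opts = None, icmp[24:]
    while len(opts) >= 8:
        olen = opts[1] * 8          # option length is in units of 8 octets
        if olen == 0 or olen > len(opts):
            return None             # malformed option: drop the frame
        if opts[0] == 2 and olen == 8:
            tlla = bytes(opts[2:8])  # Target Link-Layer Address option
        opts = opts[olen:]
    return target, bytes(frame[6:12]), tlla

def find_rebinds(frames):
    """List (address, first_mac, new_mac) whenever an address changes owner."""
    seen, alerts = {}, []
    for frame in frames:
        na = parse_na(frame)
        if na is None:
            continue
        target, eth_src, tlla = na
        mac = (tlla or eth_src).hex(":")
        first = seen.setdefault(target, mac)
        if mac != first:
            alerts.append((str(target), first, mac))
    return alerts

# Constructed sample capture: host A owns ::10, then host B advertises the same address.
MAC_A, MAC_B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
FRAMES = [build_na(MAC_A, "2001:db8::10", MAC_A), build_na(MAC_A, "2001:db8::10", MAC_A),
          build_na(MAC_B, "2001:db8::10", MAC_B), build_na(MAC_B, "2001:db8::20", MAC_B)]
print(find_rebinds(FRAMES))
```

A rebind is a signal to triage rather than proof of abuse, since a replaced network card or a failover pair produces the same pattern.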

