IPv6 equivalent to DHCP Option 82 for geolocating customer MACs to certain ports of Multi-port Layer 2 demarcation devices

Gert Doering gert at space.net
Sun May 8 10:45:38 CEST 2011


On Sun, May 08, 2011 at 10:39:27AM +0200, Florian Weimer wrote:
> * Mikael Abrahamsson:
> > It depends on what you mean by "secure". SLAAC is inherently "host can
> > take whatever address it want as long as it's not already in use".
> I'm mostly interested in IPv6 over Ethernet.  It seems to me that with
> SLAAC, any host in the same broadcast domain can tell the Ethernet
> layer to redirect any IPv6 traffic to it.  I would call this
> "insecure".

Just like IPv4 over Ethernet, indeed.  Nothing particularily related to
*SLAAC* - a malicous host can do this on any address allocation technology,
as long as the network components don't validate what hosts are doing.

IPv6 has SeND to tackle ND-spoofing attacks, but that has not been 
widely implemented yet.

Gert Doering
        -- NetMaster
did you enable IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279

More information about the ipv6-ops mailing list