IPv6 equivalent to DHCP Option 82 for geolocating customer MACs to certain ports of Multi-port Layer 2 demarcation devices
Gert Doering
gert at space.net
Sun May 8 10:45:38 CEST 2011
Hi,
On Sun, May 08, 2011 at 10:39:27AM +0200, Florian Weimer wrote:
> * Mikael Abrahamsson:
>
> > It depends on what you mean by "secure". SLAAC is inherently "host can
> > take whatever address it want as long as it's not already in use".
>
> I'm mostly interested in IPv6 over Ethernet. It seems to me that with
> SLAAC, any host in the same broadcast domain can tell the Ethernet
> layer to redirect any IPv6 traffic to it. I would call this
> "insecure".
Just like IPv4 over Ethernet, indeed. Nothing particularily related to
*SLAAC* - a malicous host can do this on any address allocation technology,
as long as the network components don't validate what hosts are doing.
IPv6 has SeND to tackle ND-spoofing attacks, but that has not been
widely implemented yet.
Gert Doering
-- NetMaster
--
did you enable IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
More information about the ipv6-ops
mailing list