IPv6 equivalent to DHCP Option 82 for geolocating customer MACs to certain ports of Multi-port Layer 2 demarcation devices

Gert Doering gert at space.net
Sun May 8 11:19:15 CEST 2011


On Sun, May 08, 2011 at 11:14:13AM +0200, Florian Weimer wrote:
> > IPv6 has SeND to tackle ND-spoofing attacks, but that has not been 
> > widely implemented yet.
> SeND does not actually solve anything at all when running on top of
> Ethernet, which is the most important case to deal with.  

SeND alone will validate the IPv6-to-MAC layer mapping, which nicely
solves all attacks against redirecting IPv6 packets to a different
MAC address.  Combine with static MAC addressing at switch ports 
(port-security or static) and you have solved the problem of one
customer stealing another customer's IPv6 packets.

Gert Doering
        -- NetMaster
did you enable IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 306 bytes
Desc: not available
Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20110508/38bbc538/attachment.bin 

More information about the ipv6-ops mailing list