IPv6 equivalent to DHCP Option 82 for geolocating customer MACs to certain ports of Multi-port Layer 2 demarcation devices
gert at space.net
Sun May 8 11:19:15 CEST 2011
On Sun, May 08, 2011 at 11:14:13AM +0200, Florian Weimer wrote:
> > IPv6 has SeND to tackle ND-spoofing attacks, but that has not been
> > widely implemented yet.
> SeND does not actually solve anything at all when running on top of
> Ethernet, which is the most important case to deal with.
SeND alone will validate the IPv6-to-MAC layer mapping, which nicely
solves all attacks against redirecting IPv6 packets to a different
MAC address. Combine with static MAC addressing at switch ports
(port-security or static) and you have solved the problem of one
customer stealing another customer's IPv6 packets.
did you enable IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 306 bytes
Desc: not available
Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20110508/38bbc538/attachment.bin
More information about the ipv6-ops