IPv6 equivalent to DHCP Option 82 for geolocating customer MACs to certain ports of Multi-port Layer 2 demarcation devices
gert at space.net
Sun May 8 11:57:52 CEST 2011
On Sun, May 08, 2011 at 11:43:36AM +0200, Florian Weimer wrote:
> * Gert Doering:
> > SeND alone will validate the IPv6-to-MAC layer mapping, which nicely
> > solves all attacks against redirecting IPv6 packets to a different
> > MAC address. Combine with static MAC addressing at switch ports
> > (port-security or static) and you have solved the problem of one
> > customer stealing another customer's IPv6 packets.
> You still need unicast flood protection.
What's the attack that would be prevented by that? ND cache overflowing?
> Does this type of static address configuration really work in
> practice? I would expect to cause it trouble with mobile devices and
Well, it depends on what type of devices you have there, and what the
attacks are that you want to defend against.
did you enable IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 306 bytes
Desc: not available
Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20110508/a17bf1ab/attachment.bin
More information about the ipv6-ops