Hello to the list and RA guard evasion technique
martin at millnert.se
Sun May 29 23:52:08 CEST 2011
On Sun, 2011-05-29 at 19:04 +0200, S.P.Zeidler wrote:
> Thus wrote Ben Jencks (ben at bjencks.net):
> > [..] -- if the attacker is going to this length to bypass RA guard, then there's no room for plausible deniability, and you can terminate the subscriber on the spot. Only really applicable to ISP-type networks, though.
Well, is it in an ISP's or company's interest to lose a subscriber or
employee based on the above? The person's computer may have been
> s/subscriber/employee/ too.
> The more difficult case is probably if you are an internet cafe or hotspot
> with wireless services.
Most universities and companies I know have enabled ethernet ports
sitting around just about everywhere. From my experience, in reality,
few manage their ports completely.
For enterprise networks, another approach is to not rely on L2 or L3
security, but end-to-end via TLS/SSH etc between servers and user
systems. An approach which seems increasingly reasonable to me.