How to preempt rogue RAs?
Shane Kerr
shane at time-travellers.org
Mon Nov 1 14:38:59 CET 2010
Mikael,
On Sun, 2010-10-31 at 21:49 +0100, Mikael Abrahamsson wrote:
> On Sun, 31 Oct 2010, George Bonser wrote:
>
> > Sounds like there is a case to be made for having an md5 signature
> > option on RAs so your stuff can be configured to only "believe" your
> > RAs.
> >
> > I can't believe something like that isn't already part of the standard
> > considering how harmful rogue RAs are and how common the problem is.
>
> Yes, it's really bad that this wasn't done a long time ago.
>
> It's being done now anyway:
>
> <http://ipv6.com/articles/research/Secure-Neighbor-Discovery.htm>
Sure, SEND/CGA is cool. I can't seem to find any implementations though.
Pointers?
--
Shane
More information about the ipv6-ops
mailing list