How to preempt rogue RAs?

Michael Sinatra michael at rancid.berkeley.edu
Sat Oct 30 21:17:43 CEST 2010


On 10/30/10 02:31, Martin Millnert wrote:
> Hi Tore,
>
> On Sat, October 30, 2010 10:53 am, Tore Anderson wrote:
>> Hi list,
>>
>> (We suspect they
>> are running Windows Internet Connection Sharing but aren't quite sure.
>> Any insight here would be very welcome.)  These rogue RAs get picked up
>> by all the other clients and cause trouble, especially for Mac OS X
>> users as they prefer the defective 6to4 connectivity over the proper
>> IPv4 one.
>
> A very ingenious tactic to handle the Windows ICS disaster is simply to
> set the preference of the proper announcements higher than normal.  This
> allegedly makes at least Windows prefer the higher preference
> announcements over others, especially the ICS because they go out as
> normal.  (Hint for MS; why not announce ICS RAs with lowest possible
> preference?)
>
> I have a patched quagga/zebra lying around somewhere, maybe I could make a
> patch out of it some day...

Whoops, this message got threaded in a way that caused me to miss it on 
my client, but this is basically what I suggested.  I know that Cisco 
now supports this feature because I use it on UC Berkeley's wireless 
nets and it actually works.

There is no question that a device doing ad-hoc ICS should be announcing 
RAs at preference "low."  It's crazy that they implemented it with the 
default "medium" but perhaps that was based on their interpretation of 
RFC 4191.

michael
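
An added example, not part of the original posts: the router preference discussed in this thread is the 2-bit Prf field that RFC 4191 places in the RA flags byte. The sketch decodes it and models how a host that honours the field picks its default router. The source addresses and packets are constructed samples, and the function names are hypothetical.

```python
import struct

# RFC 4191 section 2.1: Prf is a 2-bit signed value in the RA flags byte.
PRF = {0b01: ("high", 1), 0b00: ("medium", 0), 0b11: ("low", -1),
       0b10: ("medium", 0)}  # reserved encoding: receivers treat it as medium

def build_ra(prf_bits, lifetime):
    """Constructed sample RA: ICMPv6 header plus fixed RA fields, no options.
    The checksum is left at 0 because this sketch never validates it."""
    flags = (prf_bits & 0b11) << 3      # M, O, H and reserved bits left clear
    return struct.pack("!BBHBBHII", 134, 0, 0, 64, flags, lifetime, 0, 0)

def parse_ra(pkt):
    """Return (preference name, rank, router lifetime) for one RA."""
    if len(pkt) < 16:
        raise ValueError("truncated RA")
    icmp_type, code, _csum, _hop, flags, lifetime = struct.unpack(
        "!BBHBBH", pkt[:8])
    if icmp_type != 134 or code != 0:
        raise ValueError("not a Router Advertisement")
    name, rank = PRF[(flags >> 3) & 0b11]
    if lifetime == 0:                   # not a default router: Prf is ignored
        name, rank = "medium", 0
    return name, rank, lifetime

def pick_default_router(ras):
    """ras maps source link-local address to RA bytes. The highest preference
    wins among routers with a non-zero lifetime. Ties fall to the first one
    seen here; real hosts differ, which is why equal 'medium' RAs are a risk."""
    candidates = []
    for src, pkt in ras.items():
        _name, rank, lifetime = parse_ra(pkt)
        if lifetime > 0:
            candidates.append((rank, src))
    if not candidates:
        return None
    return max(candidates, key=lambda c: c[0])[1]

# Constructed scenario: the rogue ICS host answers first at default 'medium',
# the managed router is configured to advertise 'high'.
SAMPLE_RAS = {
    "fe80::bad": build_ra(0b00, 1800),  # ad-hoc ICS host, medium
    "fe80::1":   build_ra(0b01, 1800),  # managed router, high
}

if __name__ == "__main__":
    for src, pkt in SAMPLE_RAS.items():
        print(src, parse_ra(pkt))
    print("default router:", pick_default_router(SAMPLE_RAS))
```

A host that does not implement RFC 4191 ignores these bits, so raising the preference only helps with clients that honour it.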


