How to preempt rogue RAs?
Mikael Abrahamsson
swmike at swm.pp.se
Sun Oct 31 21:49:14 CET 2010
On Sun, 31 Oct 2010, George Bonser wrote:
> Sounds like there is a case to be made for having an md5 signature
> option on RAs so your stuff can be configured to only "believe" your
> RAs.
>
> I can't believe something like that isn't already part of the standard
> considering how harmful rogue RAs are and how common the problem is.
Yes, it's really bad that this wasn't done a long time ago.
It's being done now anyway:
<http://ipv6.com/articles/research/Secure-Neighbor-Discovery.htm>
--
Mikael Abrahamsson email: swmike at swm.pp.se
More information about the ipv6-ops
mailing list