Unwanted RA on LAN

Tim Chown tjc at ecs.soton.ac.uk
Wed Mar 9 08:14:03 CET 2011


On 9 Mar 2011, at 07:05, Rod James Bio wrote:

> Hello,
> 
>    I've been seeing 2002:ca5a::/32 advertise on our LAN recently, actually it's two /64 advertised by two machine. I was wondering if anybody had any past experience on this? I would like to know what application or operating system feature is causing this so I could disable it and remove this RA's on our LAN. Already search Google about this but no luck in finding anything. Below is the output of ifconfig on my workstation. Thank you.
>       inet6 addr: 2002:ca5a:9f36:4:216:eaff:fec5:ebc/64 Scope:Global
>       inet6 addr: 2002:ca5a:9f5a:9:216:eaff:fec5:ebc/64 Scope:Global
> 
> Rod
> 
Almost certainly a Windows box with ICS turned on.    See RFC6104 on rogue RAs.

Try http://ramond.sourceforge.net as one way to deprecate them (albeit a hack), otherwise wait for implementations of RA Guard (RFC6105), or add ACLs to filter the RAs on switch ports that don't have router interfaces upstream.  

Tim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cluenet.de/pipermail/ipv6-ops/attachments/20110309/8805aa4a/attachment.htm>


More information about the ipv6-ops mailing list