Unwanted RA on LAN
Tim Chown
tjc at ecs.soton.ac.uk
Fri Mar 11 01:27:30 CET 2011
Hi Brian,
Not sure what you mean - inevitably the rogue RAs we see are 6to4 from connection sharing methods. Usually get tracked down to ICS but we also for example have seen an Android phone as the offender.
Stats over 6-8 months show we have rogue RAs present over 50% of the time. Which would cause significant issues if we didn't have measures to mitigate them.
Tim
On 9 Mar 2011, at 18:35, Brian E Carpenter wrote:
> Tim, these are 6to4 addresses. Is there a specific reason for that, do you think?
>
> Regards
> Brian
>
> On 2011-03-09 20:14, Tim Chown wrote:
>> On 9 Mar 2011, at 07:05, Rod James Bio wrote:
>>
>>> Hello,
>>>
>>> I've been seeing 2002:ca5a::/32 advertise on our LAN recently, actually it's two /64 advertised by two machine. I was wondering if anybody had any past experience on this? I would like to know what application or operating system feature is causing this so I could disable it and remove this RA's on our LAN. Already search Google about this but no luck in finding anything. Below is the output of ifconfig on my workstation. Thank you.
>>> inet6 addr: 2002:ca5a:9f36:4:216:eaff:fec5:ebc/64 Scope:Global
>>> inet6 addr: 2002:ca5a:9f5a:9:216:eaff:fec5:ebc/64 Scope:Global
>>>
>>> Rod
>>>
>> Almost certainly a Windows box with ICS turned on. See RFC6104 on rogue RAs.
>>
>> Try http://ramond.sourceforge.net as one way to deprecate them (albeit a hack), otherwise wait for implementations of RA Guard (RFC6105), or add ACLs to filter the RAs on switch ports that don't have router interfaces upstream.
>>
>> Tim
More information about the ipv6-ops
mailing list