RA & DHCP problem...

Gert Doering gert at space.net
Mon Dec 30 19:47:58 CET 2013


Hi,

On Mon, Dec 30, 2013 at 04:13:28PM +0100, Lorenzo Colitti wrote:
> No, I mean - from a *security* perspective there's actually no security,
> because if there existed a host implementation that always tried all source
> addresses every time it connected, then that implementation would always
> work with no issues, even if you tried to put it on a restricted VLAN.

No :-) - incoming packets from the host will be put into the assigned
VLAN *only*.  

So exactly one combination of src address + default gw will get anywhere 
(hitting all restrictions if it's a restricted VLAN), and all other 
combinations will get *nowhere* - at least "nowhere off-link" - because 
the source IP will be wrong.

Gert Doering
        -- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444           USt-IdNr.: DE813185279



More information about the ipv6-ops mailing list