But the ND messages don't tell you anything other than the MAC address about which host it actually is. In theory, at least, snooping the DHCP messages might include a hostname or some other useful identifier.
Owen

On Feb 27, 2011, at 11:53 AM, Richard Barnes wrote:

> In fairness, said device can do the same sort of inspection of SLAAC
> traffic. It just looks at neighbor discovery messages instead of DHCP
> messages.
>
> <http://tools.ietf.org/html/draft-ietf-savi-fcfs>
>
>
> On Sun, Feb 27, 2011 at 2:17 PM, Leigh Porter
> <leigh.por...@ukbroadband.com> wrote:
>>
>>
>> On 27 Feb 2011, at 19:07, Antonio Querubin wrote:
>>
>>> On Sun, 27 Feb 2011, Mikael Abrahamsson wrote:
>>>
>>>> On Sun, 27 Feb 2011, Leigh Porter wrote:
>>>>
>>>>> Does anybody have anything neat to keep logs of what host gets what IPv6
>>>>> address in an SLAAC environment?
>>>>
>>>> You'd have to correlate ND information in the router to some kind of
>>>> record of who has what MAC address at any given time. With SLAAC the host
>>>> doesn't "get" an IPv6 address, it "takes" one.
>>>>
>>>>> This is often required for legislation compliance. DHCP does this well.
>>>>
>>>> Which is one of the reasons why some of us want DHCPv6 support in hosts.
>>>
>>> So how does DHCP prevent a host from just taking or hijacking an IP address?
>>>
>>> Antonio Querubin
>>> e-mail/xmpp: t...@lava.net
>>>
>>
>> You can have devices that peek at the DHCP messages and then open filters so
>> that you at least know that any host that pops up on the network has used
>> DHCP to obtain an IP address.
>>
>> Now you cannot usually prevent somebody from later hijacking that IP address
>> using a fake MAC unless you do something else as well but at least you have
>> something of a stateful relationship between a host and the IP address it
>> uses.
>>
>>
>> --
>> Leigh Porter
>>
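The correlation discussed in the thread (ND information against a record of which MAC held which address when), as an added example that is not part of the original messages. It assumes the neighbor table is polled in the text format printed by Linux iproute2 `ip -6 neigh show` and that timestamps are plain integers; `parse_neigh`, `is_eui64` and `BindingLog` are hypothetical names, and the snapshots are constructed.

```python
import ipaddress
import re

# Matches iproute2 `ip -6 neigh show` lines that carry a link-layer address.
NEIGH_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-f:]{17})\b", re.I)

def parse_neigh(text):
    """Return {(ip, mac)}; entries without lladdr (FAILED/INCOMPLETE) are skipped."""
    found = (NEIGH_RE.match(line.strip()) for line in text.splitlines())
    return {(ipaddress.IPv6Address(m.group(1)), m.group(3).lower()) for m in found if m}

def is_eui64(ip, mac):
    """True if the low 64 bits of ip are the modified EUI-64 of mac (RFC 4291, App. A)."""
    b = bytes.fromhex(mac.replace(":", ""))
    return ip.packed[8:] == bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]

class BindingLog:
    """Records first_seen/last_seen intervals per (ip, mac) across polled snapshots."""
    def __init__(self):
        self.open = {}       # (ip, mac) -> first_seen
        self.closed = []     # (ip, mac, first_seen, last_seen)
        self.last_ts = None

    def update(self, ts, pairs):
        for key in list(self.open):
            if key not in pairs:  # binding gone since the previous poll
                self.closed.append((*key, self.open.pop(key), self.last_ts))
        for key in pairs:
            self.open.setdefault(key, ts)
        self.last_ts = ts

    def who_had(self, ip, ts):
        """Return the MACs seen holding ip at time ts."""
        ip = ipaddress.IPv6Address(ip)
        hits = {m for (i, m, a, b) in self.closed if i == ip and a <= ts <= b}
        return hits | {m for (i, m), a in self.open.items() if i == ip and a <= ts}

# Constructed snapshots (documentation prefix 2001:db8::/32), not real captures.
SNAP_T0 = """\
2001:db8:1:0:a00:27ff:fe12:3456 dev eth0 lladdr 08:00:27:12:34:56 REACHABLE
2001:db8:1::dead dev eth0  FAILED
fe80::1 dev eth0 lladdr 00:11:22:33:44:55 router STALE
"""
SNAP_T1 = "2001:db8:1:0:a00:27ff:fe12:3456 dev eth0 lladdr 52:54:00:aa:bb:cc REACHABLE\n"

if __name__ == "__main__":
    log = BindingLog()
    for ts, snap in ((100, SNAP_T0), (200, SNAP_T1)):
        log.update(ts, parse_neigh(snap))
    print(log.closed, log.open)
```

In the second snapshot the same address appears behind a MAC whose EUI-64 does not match it, which is the kind of change such a log makes visible after the fact.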