> For IPv6, you can become a/the router for a segment with the origination of a 
> single packet. Instantly.  That’s something you can never do with DHCPv4.
> 

A router, yes. THE router, not unless the network is very stupidly put together.

>> Well… Sure, 15 years after DHCP attacks first started being a serious 
>> problem… I doubt it will take anywhere near 15 years for RA guard on by 
>> default to be the norm in switches, etc.
> 
> It'll **NEVER** be a default because it breaks too many clueless people's 
> networks.  Just like, surprise, DHCP "guard" isn't on by default in any gear 
> I'm aware of.

I disagree. Unlike with DHCP guard, RA guard can make reasonable predictions in 
most cases. Switches with “uplink” ports designated, for example, could easily 
default to permitting RAs only from those ports.

Owen
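
The uplink-only default described in the message above, sketched as an added example that is not part of the original post or any vendor's implementation. The port names and the `ra_guard` and `build_packet` helpers are hypothetical, and the packets are constructed samples.

```python
import struct

ICMPV6 = 58
ROUTER_ADVERT = 134
# Subset of extension headers this sketch walks past (hop-by-hop, routing,
# destination options); a production filter must handle the full set.
EXT_HEADERS = {0, 43, 60}

def is_router_advertisement(pkt: bytes) -> bool:
    """True if the raw IPv6 packet carries an ICMPv6 Router Advertisement."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return False
    nxt, off = pkt[6], 40
    while nxt in EXT_HEADERS:
        if len(pkt) < off + 2:
            return False
        nxt, off = pkt[off], off + (pkt[off + 1] + 1) * 8
    return nxt == ICMPV6 and len(pkt) > off and pkt[off] == ROUTER_ADVERT

def ra_guard(port: str, pkt: bytes, uplinks: set) -> str:
    """Default policy from the post: RAs are permitted only from uplink ports."""
    if is_router_advertisement(pkt) and port not in uplinks:
        return "drop"
    return "forward"

def build_packet(icmp_type: int, ext: bool = False) -> bytes:
    """Constructed sample: minimal IPv6 packet from fe80::1 to ff02::1."""
    icmp = bytes([icmp_type, 0, 0, 0]) + bytes(12)  # checksum left zero
    body, first = icmp, ICMPV6
    if ext:
        # Prepend an 8-byte destination options header (padding only).
        body, first = bytes([ICMPV6, 0]) + bytes(6) + icmp, 60
    src = bytes.fromhex("fe80" + "00" * 13 + "01")
    dst = bytes.fromhex("ff02" + "00" * 13 + "01")
    return struct.pack("!IHBB", 6 << 28, len(body), first, 255) + src + dst + body

UPLINKS = {"uplink1"}  # hypothetical designated uplink port

if __name__ == "__main__":
    for port in ("uplink1", "access7"):
        print(port, ra_guard(port, build_packet(ROUTER_ADVERT), UPLINKS))
```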

