On 14/06/2011 02:23, Fernando Gont wrote:
This is something that vendors should answer. As long as there are
implementations that may try DHCPv6 even if no RA is received, DHCPv6
should be implemented/deployed along RA-Guard, or else attackers will
switch to teh DHCPv6 vector, and RA-Guard will b
On 14/06/2011 00:09, Stephen Farrell wrote:
* RFC 6105 – "IPv6 Router Advertisement Guard"
* RFC 6106 – "IPv6 Router Advertisement Options for DNS
Configuration", §7 in particular.
maybe mention draft-gont-v6ops-ra-guard-evasion? It's not a strategic
focused document, but giv
On 10/06/2011 22:51, Fernando Gont wrote:
* This results in a RA-Guard implementation that is as simple as
possible (it only has to look at the header following the fixed IPv6
header).
dhcpv6 suffers from exactly the same problem. Are there plans to introduce
dhcpv6-guard?
Nick