In your previous mail you wrote:
(about SEND support)
Support for DHCP would probably be possible too, if there
was demand for this. Is there?
= in fact there is no real reason for DHCP and static configuration
to be incompatible with SEND: the only constraint is to give a
On Wed, 21 Sep 2005, Jari Arkko wrote:
Presumably all you'd need to do is to look at all packets that have
protocol = icmpv6 (despite whether they are addressed to you or not).
You might filter further based on the type of message, but I think
we'd already be in the neighborhood of feasible
Title: Solicit comments on draft-pashby-ipv6-detecting-spoofing-00.txt
This draft was presented in Paris, but did not have time for discussion. We would appreciate any comments.
IETF IPv6 working group mailing list
ipv6
Another set of quick comments:
There are two well documented vulnerabilities in the basic IPv6
architecture: Neighbor Discover spoofing and Host Redirection.
There is the SeND RFC [send] that addresses authenticating these
interactions. Certain networks may choose not to uses (or cannot
use)
the issue
without too many false positives.
-Original Message-
From: Jari Arkko [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 21, 2005 13:02
To: Pashby, Ronald W CTR NSWCDD-B35
Cc: ipv6@ietf.org
Subject: Re: Solicit comments on
draft-pashby-ipv6-detecting-spoofing-00.txt
Another set
Pashby, Ronald W CTR NSWCDD-B35 wrote:
The problem with promiscuous monitoring in a switched network is that, if is more than one switch
you would need monitors on each switch, because traffic that is between two ports on the same
switch does not get forwarded to the other switch. Another