Re: Recovering from multiple routers advertising routes

To: Bill Cerveny <cerveny@internet2.edu>
Cc: debian-ipv6@lists.debian.org
Subject: Re: Recovering from multiple routers advertising routes
From: Anthony DeRobertis <asd@suespammers.org>
Date: Wed, 14 May 2003 15:41:44 -0400
Message-id: <[🔎] 17B72BFE-8644-11D7-B503-00039317863E@suespammers.org>
In-reply-to: <[🔎] 21554924.1052925040@cerveny.internet2.edu>


On Wednesday, May 14, 2003, at 03:10 PM, Bill Cerveny wrote:

This was also the engineer's point -- he felt IPv4 DHCP was broken inthis manner and this broken behavior was being perpetuated via IPv6router advertisements.


Well, the only solutions are really:

	a) Static adressing
	b) Signed announcements, with replay protection
	c) layer-three switches to only allow announcements from certain
	   ports

(c) is the only solution that doesn't nullify the benefits of autoconf,but it's expensive. (b) requires configuration on each host, andpossibly even a lot of state keeping (for replay prevention) whichdefeats the autoconf goal.

If people on your networks can set up DHCP servers, IPv6 RA's, etc.,then you shouldn't use those services on your network. Or just bewarethat it can happen.

Of course, they could just send out spoofed ARP replies, evil ICMPredirects, etc. to cause the same problems.

Reply to:

Follow-Ups:
- Re: Recovering from multiple routers advertising routes
  - From: Peter Cordes <peter@llama.nslug.ns.ca>

References:
- Re: Recovering from multiple routers advertising routes
  - From: Bill Cerveny <cerveny@internet2.edu>

Prev by Date: Re: Recovering from multiple routers advertising routes
Next by Date: RE: Recovering from multiple routers advertising routes
Previous by thread: Re: Recovering from multiple routers advertising routes
Next by thread: Re: Recovering from multiple routers advertising routes
Index(es):
- Date
- Thread