Educause Security Discussion mailing list archives
Re: IPv6 and DHCP
From: John Ladwig <John.Ladwig () SO MNSCU EDU>
Date: Thu, 10 May 2012 19:42:59 +0000
I think even within the IETF there's no longer a strong assumption that IPv6 will be "self-managing" in all, or even most, networks. Since we're in a security forum, I think it's pretty easy for us to realize that "self-managing networks" would need an awful lot of bolt-around management/monitoring tricks to keep up with the normal sorts of incident response that we deal with daily in IPv4 networks. My personal expectation is that the IPv6 internet will end up much like the current IPv4 Internet - a mix of static addressing for servers and network devices run by organizations, and DHCP in client networks. Future Internet-of-devices scenarios may result in good use cases for SLAAC, but I can't personally fathom how I'd manage response on a big campus network of SLAAC+Privacy mode addressing on end-user devices. I'd also be interested in experience reports; our IPv6 work hasn't quite gotten to DHCPv6 testing. -jml -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Martin Manjak Sent: Thursday, May 10, 2012 2:29 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] IPv6 and DHCP If you're running IPv6, and you've tested, or deployed, DHCP tools, we are interested in what you may have discovered. Our staff were using the following as a starting place for looking into this issue: https://en.wikipedia.org/wiki/IP_address_management Granted, we could have a debate about whether it makes sense to manage an addressing protocol designed to be self-administering. But I think we have to first determine whether or not it's feasible. So any experience with the products on the wikipedia page, or anything else, would be greatly appreciated. Marty Martin Manjak CISSP, GIAC GSEC-G Information Security Officer University at Albany MSC 209 518/437-3813 The University at Albany will never ask you to reveal your password. Please ignore all such requests.
Current thread:
- IPv6 and DHCP Martin Manjak (May 10)
- Re: IPv6 and DHCP John Ladwig (May 10)
- Re: IPv6 and DHCP Kern, Paul (May 10)
- Re: IPv6 and DHCP John Hoffoss (May 23)
- Re: IPv6 and DHCP Phillip Deneault (May 23)
- Compromised Accounts Procedures Robert Meyers (May 23)
- Re: Compromised Accounts Procedures Tonkin, Derek K. (May 23)
- Re: Compromised Accounts Procedures Aaron Kirby (May 23)
- Re: Compromised Accounts Procedures Jacobson, Dick (May 23)
- Re: Compromised Accounts Procedures Aaron Kirby (May 23)
- Re: Compromised Accounts Procedures Robert Meyers (May 23)
- Re: Compromised Accounts Procedures Tonkin, Derek K. (May 23)
- Re: IPv6 and DHCP John Ladwig (May 10)