nanog mailing list archives
Re: The stupidity of trying to "fix" DHCPv6
From: Matt Addison <matt.addison () lists evilgeni us>
Date: Tue, 14 Jun 2011 16:55:29 -0400
On Tue, Jun 14, 2011 at 12:41, Ray Soucy <rps () maine edu> wrote:
The energy in this thread should be focused on switch vendors to actually implement L2 security features for IPv6, which is usually an easy upgrade; rather than calling for all host implementations of IPv6 to work differently; which will take a decade to implement and be a band-aid at best; not a good long-term design for the protocol.
There was a thread on this subject over on ipv6-ops (Hello to the list and RA guard evasion technique) recently which outlined some of the problems currently facing vendors and implementing those 'easy upgrade' L2 security features. Due to the current state of host stacks with regards to fragment reassembly it's almost impossible to implement easily on a layer 2 device without exposing yourself to other DoS possibilities. There're also some I-Ds which cover the issues: http://tools.ietf.org/id/draft-gont-v6ops-ra-guard-evasion-00.txt http://tools.ietf.org/id/draft-gont-6man-nd-extension-headers-00.txt ~Matt
Current thread:
- Re: The stupidity of trying to "fix" DHCPv6, (continued)
- Re: The stupidity of trying to "fix" DHCPv6 Owen DeLong (Jun 16)
- Re: The stupidity of trying to "fix" DHCPv6 Mark Andrews (Jun 16)
- Re: The stupidity of trying to "fix" DHCPv6 Owen DeLong (Jun 14)
- Re: The stupidity of trying to "fix" DHCPv6 Iljitsch van Beijnum (Jun 14)
- Re: The stupidity of trying to "fix" DHCPv6 Ricky Beam (Jun 14)
- RE: The stupidity of trying to "fix" DHCPv6 Dave Edelman (Jun 14)
- Re: The stupidity of trying to "fix" DHCPv6 Owen DeLong (Jun 14)
- Re: The stupidity of trying to "fix" DHCPv6 Owen DeLong (Jun 14)
- Re: The stupidity of trying to "fix" DHCPv6 Iljitsch van Beijnum (Jun 14)
- Re: The stupidity of trying to "fix" DHCPv6 Owen DeLong (Jun 16)
- Re: The stupidity of trying to "fix" DHCPv6 Matt Addison (Jun 14)
- Re: The stupidity of trying to "fix" DHCPv6 William Herrin (Jun 10)
- Re: Cogent IPv6 Nick Hilliard (Jun 09)
- Re: Cogent IPv6 Ray Soucy (Jun 09)
- Re: Cogent IPv6 Nick Hilliard (Jun 09)
- IPv6 routing protocols Iljitsch van Beijnum (Jun 10)
- Re: IPv6 routing protocols Nick Hilliard (Jun 10)
- Re: IPv6 routing protocols Iljitsch van Beijnum (Jun 10)
- Re: IPv6 routing protocols Iljitsch van Beijnum (Jun 10)
- Re: IPv6 routing protocols Nick Hilliard (Jun 10)
- Re: IPv6 routing protocols Iljitsch van Beijnum (Jun 10)