nanog mailing list archives
Re: turning on comcast v6
From: Owen DeLong <owen () delong com>
Date: Fri, 3 Jan 2014 17:52:25 -0800
On Jan 3, 2014, at 12:40 AM, Doug Barton <dougb () dougbarton us> wrote:
On 01/02/2014 10:30 PM, TJ wrote:
I'd argue that while the timing may be different, RA and DHCP attacks are largely the same and are simply variations on a theme.
Utter nonsense. The ability to nearly-instantly switch traffic for nearly-all nodes on the network is a very different thing than what a rogue DHCP server could do, even if you have ridiculously short lease times, which most don’t.
Not entirely true, actually… If you’re willing to work hard enough at it, most hosts can be “encouraged” to renew early.
Further, by far the common case is for network gear to _already_ be configured to avoid permitting hosts to act as DHCP servers unless they are supposed to be. It's rare to even find a network device that has RA Guard capabilities, never mind one that has them turned on.
Well… Sure, 15 years after DHCP attacks first started being a serious problem… I doubt it will take anywhere near 15 years for RA guard on by default to be the norm in switches, etc.
There is simply no good reason not to include default route in the configuration for DHCPv6, and it's long overdue.
As I’ve said before, if we’re going to bother doing it, we should just include RIO options, but otherwise, I agree with you.
Owen