nanog mailing list archives

Re: IPv6 RA vs DHCPv6 - The chosen one?


From: Mohacsi Janos <mohacsi () niif hu>
Date: Fri, 23 Dec 2011 22:13:54 +0100 (CET)




On Fri, 23 Dec 2011, Tomas Podermanski wrote:


> Port security does not help in that case (same as 802.1x). Port security
> is a layer 2 feature, so all layer 3 attacks can still be performed. It
> protects only against source MAC address spoofing. All other attacks
> like DAD DoS, NDP exhaustion, RA flooding etc. can be performed even
> though port security is implemented.

If you can limit the number of ARP/NDP entries per interface and you complement RAGuard and DHCPv4 snooping, you are done.

With "extended port security" such features are coming...
        Best Regards,
                Janos Mohacsi


