nanog mailing list archives

RE: DHCPv6 authentication


From: "Templin, Fred L" <Fred.L.Templin () boeing com>
Date: Thu, 21 Aug 2014 03:46:18 +0000

Hi Jared,

I am assuming 802.1x (or equivalent) security at L2, but the "link" between
my DHCPv6 client and server is actually a tunnel that may travel over many
network layer hops. So, it is possible for legitimate client A to have its
leases canceled by rogue client B unless DHCPv6 auth or something similar
is used. Yes, rogue client B would also have to be authenticated to connect
to the network the same as legitimate client A, but it could be an "insider
attack" (e.g., where B is a disgruntled employee trying to get back at a
corporate adversary A).

Thanks - Fred
fred.l.templin () boeing com


-----Original Message-----
From: Jared Mauch [mailto:jared () puck nether net]
Sent: Wednesday, August 20, 2014 5:14 PM
To: Templin, Fred L
Cc: nanog list
Subject: Re: DHCPv6 authentication

If you are already connected to the network you are going to be deemed as authenticated. I'm unaware
of anyone doing DHCP authentication.

Jared Mauch

On Aug 20, 2014, at 6:45 PM, "Templin, Fred L" <Fred.L.Templin () boeing com> wrote:

Hi - does anyone know if DHCPv6 authentication is commonly used in
operational networks? If so, what has been the experience in terms
of DHCPv6 servers being able to discern legitimate clients from
rogue clients?

Thanks - Fred
fred.l.templin () boeing com
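
Editorial example, added here and not part of the thread or of any poster's code: a server-side check that accepts a DHCPv6 Release only if it carries a valid RFC 3315 delayed-authentication option (HMAC-MD5 over the message, replay counter), which is what stops an already-connected client B from releasing client A's lease. The function names, key table layout, realm `example.net` and sample DUID are assumptions made for illustration.

```python
import hmac
import struct
RELEASE, OPT_CLIENTID, OPT_AUTH = 8, 1, 11  # RFC 3315 message/option codes
DELAYED_HMAC_MD5 = bytes([2, 1, 0])         # protocol 2, algorithm 1, RDM 0

def parse_options(msg):
    """Map option code -> (data offset, data) for the options after the 4-byte header."""
    opts, off = {}, 4
    while off < len(msg):
        code, length = struct.unpack_from("!HH", msg, off)  # struct.error if truncated
        if off + 4 + length > len(msg):
            raise ValueError("truncated option data")
        opts[code] = (off + 4, msg[off + 4:off + 4 + length])
        off += 4 + length
    return opts

def verify_release(msg, keys, last_replay):
    """keys: (duid, realm, key_id) -> secret; last_replay: duid -> highest counter seen."""
    if len(msg) < 4 or msg[0] != RELEASE:
        return False, "not a Release"
    try:
        opts = parse_options(msg)
    except (ValueError, struct.error):
        return False, "malformed"
    if OPT_CLIENTID not in opts or OPT_AUTH not in opts:
        return False, "unauthenticated"
    duid, (pos, auth) = opts[OPT_CLIENTID][1], opts[OPT_AUTH]
    if len(auth) < 31 or auth[:3] != DELAYED_HMAC_MD5:
        return False, "unsupported auth"
    replay = int.from_bytes(auth[3:11], "big")
    realm, key_id = auth[11:-20], int.from_bytes(auth[-20:-16], "big")
    secret = keys.get((duid, realm, key_id))
    if secret is None:
        return False, "unknown key"
    mac_at = pos + len(auth) - 16   # MAC covers the whole message with this field zeroed
    zeroed = msg[:mac_at] + bytes(16) + msg[mac_at + 16:]
    if not hmac.compare_digest(hmac.new(secret, zeroed, "md5").digest(), auth[-16:]):
        return False, "bad MAC"
    if replay <= last_replay.get(duid, -1):
        return False, "replay"
    last_replay[duid] = replay
    return True, "ok"

def build_release(duid, secret, key_id, replay, realm=b"example.net"):
    """Constructed sample input: Release with Client ID and a trailing Authentication option."""
    auth = DELAYED_HMAC_MD5 + replay.to_bytes(8, "big") + realm + key_id.to_bytes(4, "big") + bytes(16)
    msg = bytes([RELEASE]) + b"\x00\x00\x01" + struct.pack("!HH", OPT_CLIENTID, len(duid)) + duid
    msg += struct.pack("!HH", OPT_AUTH, len(auth)) + auth
    return msg[:-16] + hmac.new(secret, msg, "md5").digest()
```

A Release that names A's DUID but is not keyed with A's secret fails the MAC check, and a captured valid Release fails the replay check when sent a second time.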

