nanog mailing list archives
Re: quietly....
From: Mark Smith <nanog () 85d5b20a518b8f6864949bd940457dc124746ddc nosense org>
Date: Thu, 3 Feb 2011 07:53:45 +1030
On Wed, 2 Feb 2011 07:04:13 -0800 Owen DeLong <owen () delong com> wrote:
On Feb 2, 2011, at 6:43 AM, Jack Bates wrote:On 2/2/2011 8:22 AM, Tony Finch wrote:Counterexample: rogue RAs from Windows boxes running 6to4 or Teredo and Internet Connection Sharing. This is a lot harder to fix than a misconfigured DHCP server.CounterCounterexample: rogue DHCPv6 servers from windows boxes or improperly connected CPEs. Both DHCP(4 or 6) and RA require careful filtering to keep rogues from jacking things up. Though M$ has a nice deployment for authorizing DHCP4 servers in corporate environments.It's a lot easier to find and eliminate a rogue DHCP server than a rogue RA.
How is that the case? The next hop for the default gateway that the rogue RA installs is the link local address, you look up the neighbor cache if the link local address doesn't have a MAC address in it, and then use layer 2 information to identify where it is attached. That's also the usual technique for finding and disabling a rogue DHCP server, so how is it any harder? Mark
Current thread:
- Re: quietly...., (continued)
- Re: quietly.... Mark Andrews (Feb 02)
- Re: quietly.... Ricky Beam (Feb 02)
- Re: quietly.... Lamar Owen (Feb 02)
- Re: quietly.... Tony Finch (Feb 02)
- Re: quietly.... Mark Andrews (Feb 02)
- Re: quietly.... Nick Hilliard (Feb 02)
- Re: quietly.... Randy Bush (Feb 02)
- Re: quietly.... Tony Finch (Feb 02)
- Re: quietly.... Jack Bates (Feb 02)
- Re: quietly.... Owen DeLong (Feb 02)
- Re: quietly.... Mark Smith (Feb 02)
- Re: quietly.... Mohacsi Janos (Feb 03)
- Re: quietly.... Jack Bates (Feb 02)
- Re: quietly.... Randy Bush (Feb 02)
- Re: quietly.... John Payne (Feb 02)
- Re: quietly.... Valdis . Kletnieks (Feb 02)
- Re: quietly.... Jeff Kell (Feb 02)
- Re: quietly.... Mark Andrews (Feb 02)
- Re: quietly.... Ricky Beam (Feb 02)
- Re: quietly.... Mark Andrews (Feb 02)
- Re: quietly.... Owen DeLong (Feb 02)