nanog mailing list archives
Re: The stupidity of trying to "fix" DHCPv6
From: Joel Jaeggli <joelja () bogus com>
Date: Fri, 10 Jun 2011 14:42:23 -0700
On Jun 10, 2011, at 11:18 AM, Valdis.Kletnieks () vt edu wrote:
On Fri, 10 Jun 2011 12:54:17 CDT, Jima said:If we go down this path, how long before we hear screaming about rogue DHCPv6 servers giving v4-only networks a false v6 path?Already happened. Good way to install an MITM against any v6-enabled boxes on a v4-only network, been multiple reported uses of that technique.
What's more v4 seem rather less likely to have any countermeasures or methods for detecting this... Back when I worked for a security vendor our endpoint security product specifically disabled ipv6 to address this exposure.
Current thread:
- Re: The stupidity of trying to "fix" DHCPv6, (continued)
- Re: The stupidity of trying to "fix" DHCPv6 Iljitsch van Beijnum (Jun 10)
- Re: The stupidity of trying to "fix" DHCPv6 Leo Bicknell (Jun 10)
- Re: The stupidity of trying to "fix" DHCPv6 Iljitsch van Beijnum (Jun 10)
- Re: The stupidity of trying to "fix" DHCPv6 Leo Bicknell (Jun 10)
- Re: The stupidity of trying to "fix" DHCPv6 Kevin Loch (Jun 11)
- Re: The stupidity of trying to "fix" DHCPv6 Daniel Roesen (Jun 12)
- Re: The stupidity of trying to "fix" DHCPv6 Seth Mos (Jun 12)
- Re: The stupidity of trying to "fix" DHCPv6 Owen DeLong (Jun 10)
- Re: The stupidity of trying to "fix" DHCPv6 Jima (Jun 10)
- Re: The stupidity of trying to "fix" DHCPv6 Valdis . Kletnieks (Jun 10)
- Re: The stupidity of trying to "fix" DHCPv6 Joel Jaeggli (Jun 10)
- Re: The stupidity of trying to "fix" DHCPv6 Iljitsch van Beijnum (Jun 10)
- Re: The stupidity of trying to "fix" DHCPv6 Leo Bicknell (Jun 10)
- Re: The stupidity of trying to "fix" DHCPv6 Valdis . Kletnieks (Jun 10)
- Re: The stupidity of trying to "fix" DHCPv6 Rhys Rhaven (Jun 10)
- Re: The stupidity of trying to "fix" DHCPv6 Iljitsch van Beijnum (Jun 10)
- Re: The stupidity of trying to "fix" DHCPv6 Owen DeLong (Jun 10)
- Re: The stupidity of trying to "fix" DHCPv6 George Herbert (Jun 10)
- Re: The stupidity of trying to "fix" DHCPv6 Cutler James R (Jun 10)
- The Business Wisdom of trying to "fix" DHCPv6 Cutler James R (Jun 10)
- Re: The stupidity of trying to "fix" DHCPv6 Matthew Reath (Jun 10)