[116153] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Blocking IPv6 broadcast

daemon@ATHENA.MIT.EDU (Mikael Abrahamsson)
Thu Jul 23 06:16:45 2009

Date: Thu, 23 Jul 2009 12:15:56 +0200 (CEST)
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: Sharef Mustafa <sharef.mustafa@paltel.net>
In-Reply-To: <E15DC930F4BEB849A14D7F6F4B01ACC703E8028F@PALTELMAIL.wb.paltel.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Thu, 23 Jul 2009, Sharef Mustafa wrote:

> How can I block such broadcast from entering my network?

If you are not doing any L2 security for IPv6, you probably want to block 
the IPv6 ethertype packets altogether.

Found a link here that might be useful:

<http://ardenpackeer.com/security/security-common-ethertypes-in-vlan-access-maps/>

I suggest anyone with L2 possibility between customers to implement 
something like this to avoid rogue RAs.

-- 
Mikael Abrahamsson    email: swmike@swm.pp.se


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[116153] in North American Network Operators' Group

Re: Blocking IPv6 broadcast

daemon@ATHENA.MIT.EDU (Mikael Abrahamsson)Thu Jul 23 06:16:45 2009

daemon@ATHENA.MIT.EDU (Mikael Abrahamsson)
Thu Jul 23 06:16:45 2009