[136320] in North American Network Operators' Group
Re: quietly....
daemon@ATHENA.MIT.EDU (Owen DeLong)
Wed Feb 2 10:10:13 2011
From: Owen DeLong <owen@delong.com>
In-Reply-To: <4D496D8B.7020601@brightok.net>
Date: Wed, 2 Feb 2011 07:04:13 -0800
To: Jack Bates <jbates@brightok.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Feb 2, 2011, at 6:43 AM, Jack Bates wrote:
>=20
>=20
> On 2/2/2011 8:22 AM, Tony Finch wrote:
>> Counterexample: rogue RAs from Windows boxes running 6to4 or Teredo =
and
>> Internet Connection Sharing. This is a lot harder to fix than a
>> misconfigured DHCP server.
>=20
> CounterCounterexample: rogue DHCPv6 servers from windows boxes or =
improperly connected CPEs.
>=20
> Both DHCP(4 or 6) and RA require careful filtering to keep rogues from =
jacking things up. Though M$ has a nice deployment for authorizing DHCP4 =
servers in corporate environments.
>=20
It's a lot easier to find and eliminate a rogue DHCP server than a rogue =
RA.
Owen
