[138028] in North American Network Operators' Group
Re: Mac OS X 10.7, still no DHCPv6
daemon@ATHENA.MIT.EDU (Leigh Porter)
Sun Feb 27 14:17:29 2011
From: Leigh Porter <leigh.porter@ukbroadband.com>
In-Reply-To: <alpine.OSX.2.00.1102270906430.150@antonio-querubins-imac-g5-9.local>
Date: Sun, 27 Feb 2011 19:17:20 +0000
To: Antonio Querubin <tony@lava.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 27 Feb 2011, at 19:07, Antonio Querubin wrote:
> On Sun, 27 Feb 2011, Mikael Abrahamsson wrote:
>
>> On Sun, 27 Feb 2011, Leigh Porter wrote:
>>
>>> Does anybody have anything neat to keep logs of what host gets what IPv6 address in an SLAAC environment?
>>
>> You'd have to correlate ND information in the router to some kind of record of who has what MAC address at any given time. With SLAAC the host doesn't "get" an IPv6 address, it "takes" one.
>>
>>> This is often required for legislation compliance. DHCP does this well.
>>
>> Which is one of the reasons why some of us want DHCPv6 support in hosts.
>
> So how does DHCP prevent a host from just taking or hijacking an IP address?
>
> Antonio Querubin
> e-mail/xmpp: tony@lava.net
>
You can have devices that peek at the DHCP messages and then open filters so that you at least know that any host that pops up on the network has used DHCP to obtain an IP address.
Now you cannot usually prevent somebody from later hijacking that IP address using a fake MAC unless you do something else as well, but at least you have something of a stateful relationship between a host and the IP address it uses.
--
Leigh Porter
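
The correlation discussed in this thread (ND information on the router matched to MAC addresses over time), sketched as an added example that is not part of the original messages. It assumes the router is a Linux box whose neighbor table is polled with `ip -6 neigh show`; the snapshots, addresses, and function names below are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample data: three timestamped snapshots of a Linux router's
# neighbor table in `ip -6 neigh show` format (documentation prefix 2001:db8::/32).
SNAPSHOTS = [
    ("2011-02-27T19:00:00Z",
     "2001:db8:1:1:211:22ff:fe33:4455 dev eth1 lladdr 00:11:22:33:44:55 REACHABLE\n"
     "2001:db8:1:1:5c3d:9a1f:77e2:1b04 dev eth1 lladdr 00:aa:bb:cc:dd:ee STALE\n"
     "2001:db8:1:1:1:2:3:4 dev eth1  FAILED\n"),
    ("2011-02-27T19:05:00Z",
     "2001:db8:1:1:211:22ff:fe33:4455 dev eth1 lladdr 00:11:22:33:44:55 STALE\n"
     "2001:db8:1:1:5c3d:9a1f:77e2:1b04 dev eth1 lladdr 00:aa:bb:cc:dd:ee REACHABLE\n"),
    ("2011-02-27T19:10:00Z",
     # The first address now answers from a different MAC.
     "2001:db8:1:1:211:22ff:fe33:4455 dev eth1 lladdr 00:aa:bb:cc:dd:ee REACHABLE\n"),
]

# Entries without "lladdr" (FAILED/INCOMPLETE) never resolved to a MAC; skip them.
NEIGH = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9A-Fa-f:]{17})(?:\s|$)")

def parse_snapshot(text):
    """Yield (ipv6, interface, mac) for each resolved neighbor entry."""
    for line in text.splitlines():
        m = NEIGH.match(line.strip())
        if m:
            ip, dev, mac = m.groups()
            yield str(ipaddress.IPv6Address(ip)), dev, mac.lower()

def build_log(snapshots):
    """Map (ipv6, interface, mac) -> (first_seen, last_seen) across snapshots."""
    log = {}
    for ts, text in snapshots:
        for key in parse_snapshot(text):
            first_seen = log.get(key, (ts, ts))[0]
            log[key] = (first_seen, ts)
    return log

def mac_conflicts(log):
    """Return addresses that were observed behind more than one MAC."""
    macs = defaultdict(set)
    for ip, _dev, mac in log:
        macs[ip].add(mac)
    return {ip: sorted(m) for ip, m in macs.items() if len(m) > 1}

if __name__ == "__main__":
    for (ip, dev, mac), (first, last) in sorted(build_log(SNAPSHOTS).items()):
        print(f"{ip} {dev} {mac} first={first} last={last}")
    print("conflicts:", mac_conflicts(build_log(SNAPSHOTS)))
```

A log built this way only sees what is in the table at each poll, so a host that takes an address and leaves between two snapshots is not recorded.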