[138079] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Mac OS X 10.7, still no DHCPv6

daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Sun Feb 27 23:35:47 2011

From: "Dobbins, Roland" <rdobbins@arbor.net>
To: nanog group <nanog@nanog.org>
Date: Mon, 28 Feb 2011 04:35:37 +0000
In-Reply-To: <071A89DA-A414-4DCC-BC47-3C86AB67EFE0@cs.columbia.edu>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Feb 28, 2011, at 10:47 AM, Steven Bellovin wrote:

> You really need to look at switch logs for that, even with IPv4: http://w=
ww.cs.columbia.edu/~smb/talks/arp-attack.pdf

And flow telemetry, and so forth, yes.  With BCP deployment in terms of ant=
i-ARP-spoofing and DCHP snooping/source guard, traceback becomes whole lot =
easier.

> Also don't forget privacy-enhanced addresses.

Yes, which have extremely negative opsec connotations in terms of complicat=
ing traceback.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>

		The basis of optimism is sheer terror.

			  -- Oscar Wilde


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[138079] in North American Network Operators' Group

Re: Mac OS X 10.7, still no DHCPv6

daemon@ATHENA.MIT.EDU (Dobbins, Roland)Sun Feb 27 23:35:47 2011

daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Sun Feb 27 23:35:47 2011