[147229] in North American Network Operators' Group
Re: HP IPv6 RA Guard
daemon@ATHENA.MIT.EDU (Daniel Espejel)
Mon Dec 5 22:36:52 2011
Date: Mon, 05 Dec 2011 21:35:35 -0600
From: Daniel Espejel <daniel.unam.ipv6@gmail.com>
To: nanog@nanog.org
In-Reply-To: <mailman.15875.1323080381.1873.nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
So,still assuming the fact that attackers will use the same "traditional
ipv4" methods to alter the correct functioning over a network?...Well,
maybe. Toda's IPv6 expertise for some network andmins and security
experts is minimal. So most trainning and understanding before
implementing its a good idea.
For example, the RA-Guard method has a significant vulnerability: It's
not designed to identify a "complex" IPv6-many extension headers formed
packet (F. Gont - 6Networks). Some other security oriented mechanisms
may fail because of the low IPv6 compliance.
Regards.
--
Daniel Espejel Pérez
Técnico Académico
D.G.T.I.C. - U.N.A.M.
GT-IPv6 CLARA / GT-IPv6 U.N.A.M.
