[147813] in North American Network Operators' Group
Re: IPv6 RA vs DHCPv6 - The chosen one?
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Thu Dec 22 15:42:53 2011
To: Tomas Podermanski <tpoder@cis.vutbr.cz>
In-Reply-To: Your message of "Thu, 22 Dec 2011 21:04:42 +0100."
<4EF38D5A.4070003@cis.vutbr.cz>
From: Valdis.Kletnieks@vt.edu
Date: Thu, 22 Dec 2011 15:38:59 -0500
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--==_Exmh_1324586339_2451P
Content-Type: text/plain; charset=us-ascii
On Thu, 22 Dec 2011 21:04:42 +0100, Tomas Podermanski said:
> Well, then how many devices do you have in the network that uses IPv6?
1,300+ wireless access points, 1,100+ switches, 30k+ users, around 55%
doing at least some IPv6 traffic (mostly when they hit Google).
> Do you have implemented first hop security? What will you do when some
> user runs RA flood attack
> (http://samsclass.info/ipv6/proj/flood-router6a.htm).
"First actual case of a bug being found" -- Lt Cmdr Grace Hopper
I've asked around, and although everybody understands it's an issue, the number
of people actually *seeing* one of these attacks is... Bueller? Bueller?
--==_Exmh_1324586339_2451P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFO85VjcC3lWbTT17ARAvKtAJ427k4HuOrSTiNeqpfcOl5IGZ6tBQCg3g2B
8L04hu098J7O9sjYTMPadgY=
=dIrX
-----END PGP SIGNATURE-----
--==_Exmh_1324586339_2451P--
