[167997] in North American Network Operators' Group
Re: turning on comcast v6
daemon@ATHENA.MIT.EDU (Ricky Beam)
Sat Jan 4 01:07:17 2014
To: "Owen DeLong" <owen@delong.com>
Date: Sat, 04 Jan 2014 01:06:56 -0500
From: "Ricky Beam" <jfbeam@gmail.com>
In-Reply-To: <9D39E329-B2C3-4F53-ABD9-19C3D3D83539@delong.com>
Cc: NANOG <nanog@nanog.org>
On Fri, 03 Jan 2014 20:52:25 -0500, Owen DeLong <owen@delong.com> wrote:
> Not entirely true, actually… If you’re willing to work hard enough at
> it, most hosts can be “encouraged” to renew early.
Short of command-line access, no, there isn't. (crashing or otherwise
triggering a reboot, isn't a "renew"; that's a full broadcast restart)
And RENEW isn't at issue as that's a unicast request directly with the
original DHCP server. Simply turning up your own instance will do nothing
there. (attempting to impersonate the real server isn't what we're talking
about.)
For IPv6, you can become a/the router for a segment with the origination
of a single packet. Instantly. That's something you can never do with
DHCPv4.
> Well… Sure, 15 years after DHCP attacks first started being a serious
> problem… I doubt it will take anywhere near 15 years for RA guard on by
> default to be the norm in switches, etc.
It'll **NEVER** be a default because it breaks too many clueless people's
networks. Just like, surprise, DHCP "guard" isn't on by default in any
gear I'm aware of.
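
The single packet referred to in this message is an ICMPv6 Router Advertisement (type 134). As an added example, not part of the original e-mail, here is a monitor-side check in Python that parses a received RA and flags one that does not come from an expected router. The function names, the allow-list and the sample bytes are constructed for illustration.

```python
import ipaddress
import struct

ND_ROUTER_ADVERT = 134                   # ICMPv6 type, RFC 4861
OPT_SRC_LLADDR, OPT_PREFIX_INFO = 1, 3   # neighbor discovery option types

# Constructed sample RA (ICMPv6 body only, checksum left zero and not verified):
# router lifetime 1800 s, source MAC 02:00:00:00:00:01, prefix 2001:db8:0:1::/64.
SAMPLE_RA = bytes.fromhex(
    "8600000040000708" "0000000000000000"        # fixed 16-byte RA header
    "0101020000000001"                           # source link-layer address
    "030440c0" "00015180" "00003840" "00000000"  # prefix information option
    "20010db8000000010000000000000000")

def parse_ra(icmp: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement body (without the IPv6 header)."""
    if len(icmp) < 16 or icmp[0] != ND_ROUTER_ADVERT or icmp[1] != 0:
        raise ValueError("not a Router Advertisement")
    (lifetime,) = struct.unpack_from("!H", icmp, 6)
    ra = {"router_lifetime": lifetime, "prefixes": [], "lladdr": None}
    off = 16
    while off < len(icmp):
        if off + 2 > len(icmp) or icmp[off + 1] == 0:
            raise ValueError("malformed option")     # zero length must be dropped
        otype, olen = icmp[off], icmp[off + 1] * 8   # length is in 8-byte units
        if off + olen > len(icmp):
            raise ValueError("truncated option")
        body = icmp[off + 2:off + olen]
        if otype == OPT_SRC_LLADDR and olen == 8:
            ra["lladdr"] = body.hex(":")
        elif otype == OPT_PREFIX_INFO and olen == 32:
            ra["prefixes"].append(f"{ipaddress.IPv6Address(body[14:30])}/{body[0]}")
        off += olen
    return ra

def audit_ra(src: str, hop_limit: int, icmp: bytes, allowed_routers) -> list:
    """Return findings for one received RA; an empty list means it looks expected."""
    addr = ipaddress.IPv6Address(src)
    allowed = {ipaddress.IPv6Address(a) for a in allowed_routers}
    parse_ra(icmp)                       # raises ValueError on malformed input
    findings = []
    if hop_limit != 255:                 # RFC 4861: valid RAs arrive with hop limit 255
        findings.append("hop-limit-not-255")
    if not addr.is_link_local:           # RFC 4861: RA source must be link-local
        findings.append("source-not-link-local")
    if addr not in allowed:
        findings.append("unlisted-router")
    return findings
```

A source-address allow-list on a host only detects the unexpected advertisement after it has been received; filtering it before delivery is what RA guard on the switch port does.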