[168006] in North American Network Operators' Group


Re: turning on comcast v6

daemon@ATHENA.MIT.EDU (Leo Bicknell)
Sat Jan 4 11:11:31 2014

From: Leo Bicknell <bicknell@ufp.org>
In-Reply-To: <9D39E329-B2C3-4F53-ABD9-19C3D3D83539@delong.com>
Date: Sat, 4 Jan 2014 10:10:24 -0600
To: Owen DeLong <owen@delong.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Jan 3, 2014, at 7:52 PM, Owen DeLong <owen@delong.com> wrote:

> Well… Sure, 15 years after DHCP attacks first started being a
> serious problem… I doubt it will take anywhere near 15 years for RA
> guard on by default to be the norm in switches, etc.

I count over a dozen ethernet switches in my home that do not have DHCP
guard.  Indeed, half of them do not have a management interface at all.
Even my "business class cable modem" does not implement DHCP guard on
its integrated switch.

I also don't know of a single device, from any vendor, that turns DHCP
guard on by default.  I'd appreciate pointers if there is one.

I know a half dozen people sent some form of "don't do that" when I gave
the example of plugging in a "rogue" router with my corporate scenario.
Maybe in a corporate scenario that's plausible, there will be
intelligent admins (ha!).  What happens when Joe Home User buys a new
Linksys and wants to plug it in to get a firmware update before
installing it?  Are we really supposed to expect that every Joe
Homeowner understands RA Guard and configures it for their home network?

-- 
       Leo Bicknell - bicknell@ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/






