[177082] in North American Network Operators' Group
Re: Estonian IPv6 deployment report
daemon@ATHENA.MIT.EDU (Anders Löwinger)
Sun Dec 28 06:02:11 2014
X-Original-To: nanog@nanog.org
Date: Sun, 28 Dec 2014 12:01:57 +0100
From: Anders Löwinger <anders@abundo.se>
To: nanog@nanog.org
In-Reply-To: <20141227163733.GI33692@ernw.de>
Errors-To: nanog-bounces@nanog.org
On 2014-12-27 17:37, Enno Rey wrote:
> true, but some (most) of them only apply in networks where
> multicasting/ND is fully supported which is not necessarily the case in
> the above type of networks.
Yes. I'm aware of the various types of solutions for security in IPv6 with
shared VLANs. I was curious about what solution they used.
> and, from what I understand, in their scenario RAs are not sent to
> link-local scope all nodes (ff02::1), so that would eliminate another
> attack vector (depending on the actual processing of RAs on the CPEs).
In P2P-Eth you can always remove the CPE and connect your hacker PC instead,
and then start to inject RAs. Depending on the network this will be handled or
not. Now it sounds like they have a good solution in place, no L2 between
customer ports.
/Anders