
Re: Operational comments on RAs vs DHC



On Mon, Mar 19, 2007 at 07:00:31PM +0100, Mohacsi Janos wrote:
> 
> On Mon, 19 Mar 2007, Tim Chown wrote:
> 
> >- Using a higher precedence RA (assuming hosts/routers support it)
> 
> This does not really help. Malicious RA advertisers can use high priority 
> also.

It could help for 'accidental' RAs coming from the unwitting user's laptop.
 
> I would list another option also. Logging ICMPv6 activity - especially 
> RS/RA. If the controlling/monitoring station is detecting inconsistency 
> then alert the administrator about the MAC addresses of malicious 
> "routers".

> In the short term I think logging can alert admins. In the long term a kind of 
> switch assisted solution would be nice to have. I am willing to invest some 
> more time to investigate the problem....

Tools to detect unintended RAs and alert administrators would be useful,
I agree.
 
-- 
Tim
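
The RA logging and alerting idea discussed in this thread, sketched as an added example that is not part of the original messages: a monitoring station parses each captured Router Advertisement and reports the sender's MAC address when it is not a known router or when the RA is inconsistent with what that router should announce. The allowlist, MAC addresses, prefixes and function names are assumptions made for illustration, and capturing the ICMPv6 payload from the wire is assumed to happen elsewhere.

```python
import ipaddress
import struct

# Assumed allowlist: Ethernet source MAC of each legitimate router -> prefixes it may announce.
AUTHORIZED = {"00:11:22:33:44:55": {ipaddress.IPv6Network("2001:db8:1::/64")}}
PRF = {0: "medium", 1: "high", 2: "reserved", 3: "low"}  # RFC 4191 preference bits

def parse_ra(icmp6: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement (type 134) and its options."""
    if len(icmp6) < 16 or icmp6[0] != 134:
        raise ValueError("not a Router Advertisement")
    flags, lifetime = struct.unpack_from("!BH", icmp6, 5)
    ra = {"pref": PRF[(flags >> 3) & 3], "lifetime": lifetime, "prefixes": set(), "sllao": None}
    off = 16
    while off + 2 <= len(icmp6):
        otype, olen = icmp6[off], icmp6[off + 1] * 8  # option length is in 8-octet units
        if olen == 0 or off + olen > len(icmp6):
            raise ValueError("malformed option")
        body = icmp6[off + 2:off + olen]
        if otype == 1 and olen == 8:      # Source Link-Layer Address
            ra["sllao"] = body.hex(":")
        elif otype == 3 and olen == 32:   # Prefix Information
            ra["prefixes"].add(ipaddress.IPv6Network((body[14:30], body[0]), strict=False))
        off += olen
    return ra

def check_ra(src_mac: str, icmp6: bytes) -> list:
    """Return alerts for an RA captured from Ethernet source src_mac."""
    ra, mac, alerts = parse_ra(icmp6), src_mac.lower(), []
    allowed = AUTHORIZED.get(mac)
    if allowed is None:
        alerts.append(f"unauthorized router {mac} pref={ra['pref']} lifetime={ra['lifetime']}s")
    elif ra["prefixes"] - allowed:
        alerts.append(f"router {mac} announced unexpected prefix")
    if ra["sllao"] and ra["sllao"] != mac:
        alerts.append(f"SLLAO {ra['sllao']} differs from frame source {mac}")
    return alerts

def build_ra(mac: str, prefix: str, prf: int = 0) -> bytes:
    """Build a constructed sample RA for the demo (checksum left at zero)."""
    net = ipaddress.IPv6Network(prefix)
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, prf << 3, 1800, 0, 0)
    sllao = bytes([1, 1]) + bytes.fromhex(mac.replace(":", ""))
    pio = struct.pack("!BBBBIII", 3, 4, net.prefixlen, 0xC0, 86400, 14400, 0)
    return hdr + sllao + pio + net.network_address.packed

if __name__ == "__main__":
    print(check_ra("00:11:22:33:44:55", build_ra("00:11:22:33:44:55", "2001:db8:1::/64")))
    print(check_ra("02:00:00:aa:bb:cc", build_ra("02:00:00:aa:bb:cc", "2001:db8:99::/64", prf=1)))
```

The second sample carries a high router preference and is still flagged, because the check keys on the sender's identity and announced prefix rather than on the preference value.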