Re: Handling rogue RA feedback
On Wed, Jul 25, 2007 at 07:11:14AM +0900, itojun@itojun.org wrote:
> - L2 switch solution: filter rogue RAs in the switches, just like
> filter rogue DHCPv4. you can detect potential RA sources by
> MLD joins to ff02::2 (all-routers link local multicast addr).
> CONS: you cannot protect victims within the same wireless
> base station, for instance.
In 802.11 infrastructure-mode networks, communication between
stations is not direct, but relayed through the access point. The
access point could filter rogue RAs in the same way as a switch
would. This still leaves the problem of rogue access points or
access point impersonation, but at least makes it part of a more
general well-known problem with 802.11.
(I think part of the 802.11e spec allows direct communication between
associated stations, but I'm not sure how that relates to multicasts
and broadcasts.)
David.
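
Added example, not part of the original message: a sketch of the per-port decision a switch or access point could make when filtering rogue RAs as discussed in this thread. The port numbers, the `router_ports` set and the sample frames are constructed for illustration, and the check only covers untagged frames where ICMPv6 directly follows the fixed IPv6 header.

```python
import struct

ETHERTYPE_IPV6 = 0x86DD
NEXT_HDR_ICMPV6 = 58
ICMPV6_RA = 134  # Router Advertisement
ICMPV6_NS = 135  # Neighbor Solicitation, used here as a non-RA sample


def is_router_advertisement(frame: bytes) -> bool:
    """True if an untagged Ethernet frame carries an ICMPv6 RA.

    Limitation: no VLAN tags and no IPv6 extension headers are parsed;
    a production filter has to handle both.
    """
    if len(frame) < 14 + 40 + 1:
        return False
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV6:
        return False
    ip6 = frame[14:54]
    if ip6[0] >> 4 != 6 or ip6[6] != NEXT_HDR_ICMPV6:
        return False
    return frame[54] == ICMPV6_RA


def filter_frame(frame: bytes, ingress_port: int, router_ports: set) -> str:
    """Drop RAs that arrive on a port not configured as a router port."""
    if is_router_advertisement(frame) and ingress_port not in router_ports:
        return "drop"
    return "forward"


def build_frame(icmp_type: int) -> bytes:
    """Constructed sample frame: fe80::1 -> ff02::1, checksum left zero."""
    eth = (bytes.fromhex("333300000001") + bytes.fromhex("020000000001")
           + struct.pack("!H", ETHERTYPE_IPV6))
    payload = bytes([icmp_type, 0, 0, 0]) + bytes(12)
    src = bytes.fromhex("fe80" + "00" * 13 + "01")
    dst = bytes.fromhex("ff02" + "00" * 13 + "01")
    ip6 = struct.pack("!IHBB", 6 << 28, len(payload), NEXT_HDR_ICMPV6, 255)
    return eth + ip6 + src + dst + payload


if __name__ == "__main__":
    routers = {1}  # assumption: port 1 is the uplink to the legitimate router
    for port, kind in [(1, ICMPV6_RA), (7, ICMPV6_RA), (7, ICMPV6_NS)]:
        print(port, kind, filter_frame(build_frame(kind), port, routers))
```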