

On Wed, 2 Feb 2011 07:04:13 -0800
Owen DeLong <owen at delong.com> wrote:

> On Feb 2, 2011, at 6:43 AM, Jack Bates wrote:
> > 
> > 
> > On 2/2/2011 8:22 AM, Tony Finch wrote:
> >> Counterexample: rogue RAs from Windows boxes running 6to4 or Teredo and
> >> Internet Connection Sharing. This is a lot harder to fix than a
> >> misconfigured DHCP server.
> > 
> > CounterCounterexample: rogue DHCPv6 servers from Windows boxes or improperly connected CPEs.
> > 
> > Both DHCP(4 or 6) and RA require careful filtering to keep rogues from jacking things up. Though M$ has a nice deployment for authorizing DHCP4 servers in corporate environments.
> > 
> It's a lot easier to find and eliminate a rogue DHCP server than a rogue RA.

How is that the case? The next hop for the default gateway that the
rogue RA installs is the link-local address; you look up the neighbor
cache if the link-local address doesn't have a MAC address in it, and
then use layer 2 information to identify where it is attached. That's
also the usual technique for finding and disabling a rogue DHCP server,
so how is it any harder?
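
The lookup described in the message above, as an added example that is not part of the original post: it takes RA-learned default routes, recovers the sender's MAC from a modified EUI-64 link-local address where one is embedded, and falls back to the neighbor cache otherwise. The Linux `ip -6 route` / `ip -6 neigh` output format, the sample addresses and the `AUTHORIZED` set are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample output of `ip -6 route show default` and `ip -6 neigh show`.
ROUTES = """\
default via fe80::21b:21ff:fe3c:9d10 dev eth0 proto ra metric 1024 expires 1750sec
default via fe80::1c3a:77d2:9e04:5b61 dev eth0 proto ra metric 1024 expires 28sec
"""
NEIGH = """\
fe80::21b:21ff:fe3c:9d10 dev eth0 lladdr 00:1b:21:3c:9d:10 router REACHABLE
fe80::1c3a:77d2:9e04:5b61 dev eth0 lladdr 00:26:b9:aa:01:02 router STALE
2001:db8::15 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
"""
AUTHORIZED = {"fe80::21b:21ff:fe3c:9d10"}  # assumed known-good router address


def mac_from_eui64(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, or None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":          # no ff:fe filler, so no embedded MAC
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # flip the U/L bit back
    return ":".join(f"{b:02x}" for b in mac)


def neighbor_cache(neigh_text):
    """Map IPv6 address -> link-layer address from `ip -6 neigh` output."""
    return dict(re.findall(r"^(\S+) dev \S+ lladdr (\S+)", neigh_text, re.M))


def ra_gateways(routes, neigh, authorized):
    """List each RA-installed default gateway with the MAC to trace at layer 2."""
    cache = neighbor_cache(neigh)
    pattern = r"^default via (fe80:\S+) dev (\S+) proto ra"
    found = []
    for gw, dev in re.findall(pattern, routes, re.M):
        mac, how = mac_from_eui64(gw), "eui-64"
        if mac is None:                  # fall back to the neighbor cache
            mac, how = cache.get(gw), "neighbor cache"
        found.append({"gateway": gw, "dev": dev, "mac": mac,
                      "via": how, "authorized": gw in authorized})
    return found


if __name__ == "__main__":
    for r in ra_gateways(ROUTES, NEIGH, AUTHORIZED):
        state = "ok" if r["authorized"] else "UNEXPECTED"
        print(f'{state:10} {r["gateway"]} on {r["dev"]} -> {r["mac"]} ({r["via"]})')
```

The MAC reported for an unexpected gateway is the value to look up in the switch forwarding table to find the attached port.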