[ipv6hackers] IPv6 security presentation at Hack.lu 2011

Fernando Gont fgont at si6networks.com
Sat Sep 24 23:23:07 CEST 2011


On 09/22/2011 03:01 PM, Gert Doering wrote:
> Hi, On Wed, Sep 21, 2011 at 09:37:11PM -0300, Arturo Servin wrote:
>> Jean, Regarding SEND AFAIK, you need a certificate in each device
>> requesting network information to validate the source. For that
>> requirement only, SEND is not easy to deploy.
> 
> You need the PKI infrastructure to validate RAs.

If you don't validate RA's, then an attacker would simply spoof RA's,
and would have all packets forwarded to him, thus defeating any
protection that could have been provided with the CGAs.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492





More information about the Ipv6hackers mailing list