[ipv6hackers] IPv6 security presentation at Hack.lu 2011
Owen DeLong
owend at he.net
Sun Sep 25 11:39:52 CEST 2011
On Sep 24, 2011, at 2:23 PM, Fernando Gont wrote:
> On 09/22/2011 03:01 PM, Gert Doering wrote:
>> Hi, On Wed, Sep 21, 2011 at 09:37:11PM -0300, Arturo Servin wrote:
>>> Jean, Regarding SEND AFAIK, you need a certificate in each device
>>> requesting network information to validate the source. For that
>>> requirement only, SEND is not easy to deploy.
>>
>> You need the PKI infrastructure to validate RAs.
>
> If you don't validate RA's, then an attacker would simply spoof RA's,
> and would have all packets forwarded to him, thus defeating any
> protection that could have been provided with the CGAs.
>
Unless you use RA Guard instead.
Owen
> Thanks,
> --
> Fernando Gont
> SI6 Networks
> e-mail: fgont at si6networks.com
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
>
>
>
> _______________________________________________
> Ipv6hackers mailing list
> Ipv6hackers at lists.si6networks.com
> http://lists.si6networks.com/listinfo/ipv6hackers
More information about the Ipv6hackers
mailing list