[ipv6hackers] IPv6 security presentation at Hack.lu 2011
Fernando Gont
fgont at si6networks.com
Sun Sep 25 17:04:31 CEST 2011
On 09/25/2011 06:39 AM, Owen DeLong wrote:
>> If you don't validate RA's, then an attacker would simply spoof RA's,
>> and would have all packets forwarded to him, thus defeating any
>> protection that could have been provided with the CGAs.
>
> Unless you use RA Guard instead.
Please take a look at our blog:
<http://blog.si6networks.com/2011/09/router-advertisement-guard-ra-guard.html>
You may also take a look at http://www.thc.org for a publicly available
tool that implements at least some of the variants described in our blog.
Thanks,
--
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
More information about the Ipv6hackers
mailing list