[ipv6hackers] IPv6 security presentation at Hack.lu 2011

fred fred at fredbovy.com
Tue Sep 27 04:33:27 CEST 2011

I would then say that it is a bit more complicated to fool NDP than ARP
because of its more sophisticated FSM, NUD, and so on...

So why NDP could be worse than ARP ? Because it can advertise a default
router with a RA? If the answer is yes maybe there is a way (which I would
not recommend anyway) to stop the router from sending RA and configure the
end node from DHCPv6 or manually. Just like IPv4 would do.

Or is there anything else where NDP spoofing is worst than ARP spoofing ? I
would really think the opposite...


Le 27/09/2011 03:28, « Owen DeLong » <owend at he.net> a écrit :

> I will point out that NDP spoofing is no worse than ARP spoofing in IPv4,
> so, I'm not sure how you can say that it is not an equivalent level of first
> hop security.
> Owen


Fred Bovy
fred at fredbovy.com
Skype: fredericbovy
Mobile: +33676198206
Siret: 5221049000017
Twitter: http://twitter.com/#!/FredBovy
Blog: http://fredbovyipv6.blogspot.com/
ccie #3013

More information about the Ipv6hackers mailing list