[ipv6hackers] IPv6 security presentation at Hack.lu 2011

Fernando Gont fgont at si6networks.com
Tue Sep 27 16:22:14 CEST 2011


On 09/26/2011 10:28 PM, Owen DeLong wrote:
> I will point out that NDP spoofing is no worse than ARP spoofing in IPv4,
> so, I'm not sure how you can say that it is not an equivalent level of first
> hop security.

It's way easier to policy ARP traffic than it is to police NS/NA traffic.

The reason basically being described in:
<http://blog.si6networks.com/2011/09/router-advertisement-guard-ra-guard.html>

The contents of the aforementioned article also applies to NS/NA-based
attacks...

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492






More information about the Ipv6hackers mailing list