[ipv6hackers] IPv6 security presentation at Hack.lu 2011
Fernando Gont
fgont at si6networks.com
Tue Sep 27 16:22:14 CEST 2011
On 09/26/2011 10:28 PM, Owen DeLong wrote:
> I will point out that NDP spoofing is no worse than ARP spoofing in IPv4,
> so, I'm not sure how you can say that it is not an equivalent level of first
> hop security.
It's way easier to policy ARP traffic than it is to police NS/NA traffic.
The reason basically being described in:
<http://blog.si6networks.com/2011/09/router-advertisement-guard-ra-guard.html>
The contents of the aforementioned article also applies to NS/NA-based
attacks...
Thanks,
--
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
More information about the Ipv6hackers
mailing list