[ipv6hackers] SLAAC and DHCPv6 support (was Re: IPv6 security presentation at Hack.lu 2011)

Fernando Gont fgont at si6networks.com
Wed Sep 28 02:17:19 CEST 2011

Hi, Jim,

On 09/27/2011 08:36 PM, Jim Small wrote:
>> Last time I checked (1-2 years ago), neither Windows, nor any of
>> the open source OSes I was using supported RDNSS by default.
> Here's a good list of RDNSS and DHCPv6 support for most O/S: 
> http://en.wikipedia.org/wiki/Comparison_of_IPv6_support_in_operating_systems
>  Notably though OS X 10.7 supports it, along with some versions of
> UNIX/Linux.  Crossing my fingers for Windows 8...

Thanks for the info! -- I assume that the OS versions listed in the URL
above correspond to the first version of the OS which included support
for each feature... Skiming through the list, it seems that RDNSS
support was added to "latest version of X", which in most cases dates
back to only a few months ago.... Thus, I don't think one could rely on
support for such RDNSS, unfortunately.

-- not to mention that no version of Windows supports it... which in
most general scenarios makes this a "show stopper".

>>> Real LAN based security remains possible with SeND,
>> ... if only one could deploy it for the general case.
> Unfortunately I have no good news here.  AFAIK it's not even in the
> stock BSD/Linux kernels and there is no option I know of for
> Apple/Microsoft O/S nor plans/interest from those vendors in
> supporting it.

Even "implementation-wise" (i.e., even if SEND were deployable), it
would take years before OS versions with support for SEND replace
existing installations. -- That essentially mean that it would take many
years before you could actually think/try about deploying SEND.

Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

More information about the Ipv6hackers mailing list