[ipv6hackers] SLAAC and DHCPv6 support (was Re: IPv6 security presentation at Hack.lu 2011)

Fernando Gont fgont at si6networks.com
Thu Sep 29 07:32:33 CEST 2011

On 09/28/2011 10:10 AM, fred wrote:
> There is a long list of simple attacks (DoS, MITM,...) which can be done
> from a local access, IPv4 or IPv6... A very long list! That's why we need
> IDS to prevent all these attacks and neutralize the attacker...

An IDS will do little in this case.

> Did we consider that it was a showstopper for IPv4 ?

Nobody considered this a showstopper. We simply discussed the
aforementioned vulnerabilities, and tried to converge on the best
possible ways to mitigate them.

Bottom-line is that we need to get over the idea that discussing
drawbacks of or vulnerabilities in IPv6 makes us IPv6 heretics.

We really need to improve the current state of affairs of IPv6 security.
And that can only be achieved through increased awareness and community
efforts (.e.g, brainstorming on the best ways to mitigate
vulnerabilities, etc.)

Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

More information about the Ipv6hackers mailing list