[ipv6hackers] IPv6 Security research
Marc Heuse
mh at mh-sec.de
Mon Mar 26 08:57:21 CEST 2012
Am 25.03.2012 21:39, schrieb Fernando Gont:
> On 03/20/2012 10:05 AM, Marc Heuse wrote:
>> (good thing Microsoft fixed the RA flooding issue. right? ;-) )
>
> But still too bad that Cisco has not yet fixed RA-Guard? ;-) Or have they?
that was a joke, M$ has NOT fixed the RA flooding issue ;-) why would
they care?
And Cisco cant fix RA guard. The mitigation techniques must be
implemented on the client side, like the "drop overlapping fragments"
stuff, or not allowing extension headers for NDP/RA packets etc.
Only then RA guard can work.
Greet,
Marc
P.S. funny that you are doing your IPv6 talk after my keynote at hackito
ergo sum in Paris in a few weeks. I have the feeling this is not a
coincidence :-)
--
Marc Heuse
www.mh-sec.de
PGP: FEDD 5B50 C087 F8DF 5CB9 876F 7FDD E533 BF4F 891A
More information about the Ipv6hackers
mailing list