[ipv6hackers] IPv6 Security research

Marc Heuse mh at mh-sec.de
Mon Mar 26 08:57:21 CEST 2012

Am 25.03.2012 21:39, schrieb Fernando Gont:
> On 03/20/2012 10:05 AM, Marc Heuse wrote:
>> (good thing Microsoft fixed the RA flooding issue. right? ;-) )
> But still too bad that Cisco has not yet fixed RA-Guard? ;-) Or have they?

that was a joke, M$ has NOT fixed the RA flooding issue ;-) why would
they care?

And Cisco cant fix RA guard. The mitigation techniques must be
implemented on the client side, like the "drop overlapping fragments"
stuff, or not allowing extension headers for NDP/RA packets etc.
Only then RA guard can work.


P.S. funny that you are doing your IPv6 talk after my keynote at hackito
ergo sum in Paris in a few weeks. I have the feeling this is not a
coincidence :-)

Marc Heuse

PGP: FEDD 5B50 C087 F8DF 5CB9  876F 7FDD E533 BF4F 891A

More information about the Ipv6hackers mailing list