[ipv6hackers] IPv6 Security research

Fernando Gont fgont at si6networks.com
Mon Mar 26 13:45:26 CEST 2012


On 03/26/2012 08:57 AM, Marc Heuse wrote:

> And Cisco cant fix RA guard. The mitigation techniques must be
> implemented on the client side, like the "drop overlapping fragments"
> stuff, or not allowing extension headers for NDP/RA packets etc.
> Only then RA guard can work.

That's not correct.

RA-Guard *can* be fixed. Please see:
<http://tools.ietf.org/id/draft-ietf-v6ops-ra-guard-implementation-02.txt>.



> P.S. funny that you are doing your IPv6 talk after my keynote at hackito
> ergo sum in Paris in a few weeks. I have the feeling this is not a
> coincidence :-)

Not sure what you mean...

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492






More information about the Ipv6hackers mailing list