[ipv6hackers] IPv6 Security research
Fernando Gont
fgont at si6networks.com
Mon Mar 26 13:45:26 CEST 2012
On 03/26/2012 08:57 AM, Marc Heuse wrote:
> And Cisco cant fix RA guard. The mitigation techniques must be
> implemented on the client side, like the "drop overlapping fragments"
> stuff, or not allowing extension headers for NDP/RA packets etc.
> Only then RA guard can work.
That's not correct.
RA-Guard *can* be fixed. Please see:
<http://tools.ietf.org/id/draft-ietf-v6ops-ra-guard-implementation-02.txt>.
> P.S. funny that you are doing your IPv6 talk after my keynote at hackito
> ergo sum in Paris in a few weeks. I have the feeling this is not a
> coincidence :-)
Not sure what you mean...
Thanks,
--
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
More information about the Ipv6hackers
mailing list