[ipv6hackers] RA guard evasion

Fernando Gont fgont at si6networks.com
Wed May 15 02:06:22 CEST 2013

On 05/13/2013 11:24 AM, Matej Gregr wrote:
> Hi guys,
>   most of you are familiar with the concept of RA guard and its ability
> to filter rogue RAs. We have tested 3 switches for access and
> distribution layer and found that we are able to evade the protection
> quite easily on all of them. First method is using fragment header and
> this is well known and documented behaviour. However, you are also able
> to evade the protection using several destination options headers (it
> depends on the platform). We believe that this behaviour is not well
> documented, so we wrote an article.
> http://6lab.cz/article/rogue-router-advertisement-attack/

Do you mean that there's a difference between including one Dst Option
Header (as in Section 2.1 of
vs. multiple Dst Option headers?

Maybe it has to do with how many bytes into the packet the layer-2
device can see/inspect?


Best regards,
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
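
The inspection-depth question raised above, as an added example that is not part of the original thread: a filter that walks the whole IPv6 header chain and fails closed when the chain runs past the bytes it can see. The `inspect_limit` parameter, the function names and the sample packet (zero checksum, constructed for this example) are assumptions.

```python
import struct

# Extension headers that share the (next header, hdr ext len) layout
EXT_HEADERS = {0: "hop-by-hop", 43: "routing", 60: "dst-opts"}
FRAGMENT, ICMPV6, RA_TYPE = 44, 58, 134

def classify(packet, inspect_limit=None):
    """Walk the IPv6 header chain; return (verdict, offset where parsing stopped).
    inspect_limit models a device that only sees that many bytes (assumption)."""
    visible = packet if inspect_limit is None else packet[:inspect_limit]
    if len(visible) < 40 or visible[0] >> 4 != 6:
        return ("not-ipv6", None)
    nxt, off = visible[6], 40
    while True:
        if nxt in EXT_HEADERS:
            if off + 2 > len(visible):
                return ("undetermined", off)
            nxt, off = visible[off], off + (visible[off + 1] + 1) * 8
        elif nxt == FRAGMENT:
            if off + 8 > len(visible):
                return ("undetermined", off)
            frag_off = struct.unpack("!H", visible[off + 2:off + 4])[0] >> 3
            if frag_off != 0:
                return ("non-first-fragment", off)  # carries no upper-layer header
            nxt, off = visible[off], off + 8
        elif nxt == ICMPV6:
            if off + 1 > len(visible):
                return ("undetermined", off)
            return ("router-advertisement" if visible[off] == RA_TYPE else "other", off)
        else:
            return ("other", off)  # any other protocol is not an RA

def guard_drops(packet, inspect_limit=None):
    """Fail-closed policy for a host-facing port: drop RAs and unparseable chains."""
    return classify(packet, inspect_limit)[0] in ("router-advertisement", "undetermined")

def sample_ra(n_dst_opts):
    """Constructed sample: IPv6 header, n Destination Options headers, RA stub."""
    chain = b""
    for i in range(n_dst_opts):
        nh = 60 if i < n_dst_opts - 1 else ICMPV6
        chain += bytes([nh, 0]) + b"\x01\x04\x00\x00\x00\x00"  # 8 bytes with PadN
    icmp = bytes([RA_TYPE, 0]) + b"\x00" * 14  # checksum left at zero
    first = 60 if n_dst_opts else ICMPV6
    payload = chain + icmp
    hdr = struct.pack("!IHBB", 6 << 28, len(payload), first, 255)
    hdr += bytes.fromhex("fe80" + "00" * 13 + "01") + bytes.fromhex("ff02" + "00" * 13 + "01")
    return hdr + payload
```

A filter that forwards on the `undetermined` verdict instead of dropping is the behaviour the byte-depth hypothesis would predict.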
