Home page logo

nanog logo nanog mailing list archives

Re: IPv6 RA vs DHCPv6 - The chosen one?
From: Valdis.Kletnieks () vt edu
Date: Fri, 23 Dec 2011 15:44:30 -0500

On Fri, 23 Dec 2011 21:06:26 +0100, Tomas Podermanski said:
On 12/23/11 4:33 AM, Owen DeLong wrote:
If there is actual real world demand for it, it will get implemented.
Reality is that today, DHCPv4 has been running just as insecure for many years
and nobody cares. I don't know why the bar for IPv6 should be so much higher
than IPv4.

I can not agree with that. Many operators having customers into a shared
segment and uses security features I mentioned before ( again DHCP
snooping, ARP protection, source address validation).

Hate to inject some reality here - but Owen is totally correct here. That's all
stuff you do *because DHCPv4 is an insecure protocol*.  And a *lot* of places
don't do all that added security on the IPv4 side because it's not part of their
threat model, and probably don't want it on the IPv6 side for the same exact

Attachment: _bin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]