nanog mailing list archives

Re: turning on comcast v6
From: Paul Ferguson <fergdawgster () mykolab com>
Date: Mon, 06 Jan 2014 13:22:27 -0800

On 1/6/2014 1:08 PM, Owen DeLong wrote:

> The port isn't particularly trusted, but it is allowed to send RAs
> which are forwarded to the network by default. Obviously a sane
> switch would allow this configuration to be changed. We're not
> talking about the security model for a network, we're talking about
> the default behavior of a switch.
>
> Defaults are, inherently, guesses to some extent. Nonetheless, a
> switch must have some default behavior.
>
> It seems to me that in the case of switches which have otherwise
> designated uplink ports, it is logical to make those ports default
> to RA allowed while defaulting to not allowing RAs from other ports
> by default.

Some people do not want switches making IP address assignments. That's
all. :-)

- ferg

-- 
Paul Ferguson
PGP Public Key ID: 0x54DC85B2
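
Added example, not part of either message above: a small Python model of the default under discussion, where Router Advertisements are forwarded only from designated uplink ports unless the operator overrides a port. The `Switch` class, the port names and the sample frames are hypothetical and constructed for illustration.

```python
import struct

RA, ICMPV6 = 134, 58        # Router Advertisement type (RFC 4861), ICMPv6 next-header
EXT_HEADERS = {0, 43, 60}   # hop-by-hop, routing, destination options

def icmpv6_type(frame):
    """ICMPv6 type of an untagged Ethernet/IPv6 frame, else None.
    Fragmented packets (next header 44) are not reassembled here."""
    if len(frame) < 55 or frame[12:14] != b"\x86\xdd":
        return None
    nh, off = frame[20], 54                 # IPv6 next-header byte, end of fixed header
    while nh in EXT_HEADERS:                # skip extension headers placed before ICMPv6
        if off + 2 > len(frame):
            return None
        nh, off = frame[off], off + (frame[off + 1] + 1) * 8
    return frame[off] if nh == ICMPV6 and off < len(frame) else None

class Switch:
    """Hypothetical model of the default discussed: RAs pass from uplinks only."""
    def __init__(self, uplinks, overrides=None):
        self.uplinks = set(uplinks)
        self.overrides = dict(overrides or {})   # operator config: port -> bool

    def forwards(self, port, frame):
        if icmpv6_type(frame) != RA:
            return True                          # only RAs are policed in this model
        return self.overrides.get(port, port in self.uplinks)

def build_frame(icmp_type, dest_opts=False):
    """Constructed sample frame: fe80::1 -> ff02::1, optional destination-options header."""
    body, nh = bytes([icmp_type, 0]) + bytes(14), ICMPV6
    if dest_opts:
        body, nh = bytes([ICMPV6, 0, 1, 4, 0, 0, 0, 0]) + body, 60   # PadN padding
    src = bytes.fromhex("fe80" + "00" * 13 + "01")
    dst = bytes.fromhex("ff02" + "00" * 13 + "01")
    ip = struct.pack("!IHBB", 0x60000000, len(body), nh, 255) + src + dst
    return bytes.fromhex("333300000001" "020000000001" "86dd") + ip + body

if __name__ == "__main__":
    sw = Switch(uplinks={"uplink1"})             # port names are made up
    for port in ("uplink1", "access1"):
        for name, f in (("RA", build_frame(RA)), ("RA+dstopts", build_frame(RA, True)),
                        ("NS", build_frame(135))):
            print(port, name, "forward" if sw.forwards(port, f) else "drop")
```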
