Home page logo
/

nanog logo nanog mailing list archives

Re: turning on comcast v6
From: Paul Ferguson <fergdawgster () mykolab com>
Date: Mon, 06 Jan 2014 13:22:27 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 1/6/2014 1:08 PM, Owen DeLong wrote:

The port isn't particularly trusted, but it is allowed to send RAs
which are forwarded to the network by default. Obviously a sane
switch would allow this configuration to be changed. We're not
talking about the security model for a network, we're talking about
the default behavior of a switch.

Defaults are, inherently guesses to some extent. Nonetheless, a
switch must have some default behavior.

It seems to me that in the case of switches which have otherwise
designated uplink ports, it is logical to make those ports default
to RA allowed while defaulting to not allowing RAs from other ports
by default.

Some people do not want switches making IP address assignments. That's
all. :-)

- - ferg

- -- 
Paul Ferguson
PGP Public Key ID: 0x54DC85B2

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iF4EAREIAAYFAlLLHpMACgkQKJasdVTchbL6+gEApBli/t4RF4Eq3XroJkqrRmgn
9WYSy2ReVwo7Bx9l+PMA/16zyzwOgG4fdNc9zgt0A4Pb+dGpMBx8LkRY6Kj71F5t
=J8uY
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault