Home page logo

nanog logo nanog mailing list archives

Re: turning on comcast v6
From: Owen DeLong <owen () delong com>
Date: Mon, 6 Jan 2014 13:30:00 -0800

On Jan 6, 2014, at 13:22 , Paul Ferguson <fergdawgster () mykolab com> wrote:

Hash: SHA256

On 1/6/2014 1:08 PM, Owen DeLong wrote:

The port isn't particularly trusted, but it is allowed to send RAs
which are forwarded to the network by default. Obviously a sane
switch would allow this configuration to be changed. We're not
talking about the security model for a network, we're talking about
the default behavior of a switch.

Defaults are, inherently guesses to some extent. Nonetheless, a
switch must have some default behavior.

It seems to me that in the case of switches which have otherwise
designated uplink ports, it is logical to make those ports default
to RA allowed while defaulting to not allowing RAs from other ports
by default.

Some people do not want switches making IP address assignments. That's
all. :-)


I don't think I said anything even remotely like that.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]