Mac OS X 10.7, still no DHCPv6

• Previous message (by thread): Mac OS X 10.7, still no DHCPv6
• Next message (by thread): Mac OS X 10.7, still no DHCPv6
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In fairness, said device can do the same sort of inspection of SLAAC
traffic.  It just looks at neighbor discovery messages instead of DHCP
messages.

<http://tools.ietf.org/html/draft-ietf-savi-fcfs>


On Sun, Feb 27, 2011 at 2:17 PM, Leigh Porter
<leigh.porter at ukbroadband.com> wrote:
>
>
> On 27 Feb 2011, at 19:07, Antonio Querubin wrote:
>
>> On Sun, 27 Feb 2011, Mikael Abrahamsson wrote:
>>
>>> On Sun, 27 Feb 2011, Leigh Porter wrote:
>>>
>>>> Does anybody have anything neat to keep logs of what host gets what ipv6 address in an SLAAC environment?
>>>
>>> You'd have to correlate ND information in the router to some kind of record of who has what MAC address at any given time. With SLAAC the host doesn't "get" an IPv6 address, it "takes" one.
>>>
>>>> This is often required for legislation compliance. DHCP does this well.
>>>
>>> Which is one of the reasons why some of us want DHCPv6 support in hosts.
>>
>> So how does DHCP prevent a host from just taking or hijacking an IP address?
>>
>> Antonio Querubin
>> e-mail/xmpp:  tony at lava.net
>>
>
> You can have devices that peek at the DHCP messages and then open filters so that you at least know that any host that pops up on the network has used DHCP to obtain an IP address.
>
> Now you cannot usually prevent somebody from later hijacking that IP address using a fake MAC unless you do something else as well but at least you have something of a statefull relationship between an host and the IP address it uses.
>
>
> --
> Leigh Porter
>

• Previous message (by thread): Mac OS X 10.7, still no DHCPv6
• Next message (by thread): Mac OS X 10.7, still no DHCPv6
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]