Estonian IPv6 deployment report

Anders Löwinger anders at abundo.se
Sun Dec 28 11:01:57 UTC 2014


On 2014-12-27 17:37, Enno Rey wrote:
> true, but some (most) of them only apply in networks where multicasting/ND is fully supported which is not necessarily the case in the above type of networks.

Yes. I'm aware of the various types of solutions for security in IPv6 with
shared VLANs. I was curious about what solution they used.

> and, from what I understand, in their scenario RAs are not sent to link-local scope all nodes (ff02::1), so that would eliminate another attack vector (depending on the actual processing of RAs on the CPEs).

In P2P-Eth you can always remove the CPE and connect your hacker PC instead,
and then start to inject RAs. Depending on the network this will be handled or
not. Now it sounds like they have a good solution in place, no L2 between customer
ports.

/Anders




