[Attendee] Rogue RA
Michael Sinatra
michael at rancid.berkeley.edu
Tue Jun 16 21:20:15 UTC 2009
I mentioned that we often get rogue RAs on wireless networks.
Conferences are no exception. As of right now on my laptop (in the :
michael at eth-0-1e-c2-bf-f8-82:~$ ifconfig en1
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 192.35.167.8 netmask 0xfffffc00 broadcast 192.35.167.255
inet6 fe80::21e:c2ff:febf:f882%en1 prefixlen 64 scopeid 0x6
inet6 2620::ce0:1:21e:c2ff:febf:f882 prefixlen 64 autoconf
>>>> inet6 2002:4bc4:cf11:b:21e:c2ff:febf:f882 prefixlen 64 autoconf
inet6 fec0::b:21e:c2ff:febf:f882 prefixlen 64 autoconf
ether 00:1e:c2:bf:f8:82
media: autoselect status: active
supported media: autoselect
Fortunately, my default route hasn't (yet) changed so I am not having
any connectivity problems related to this.
If I have decoded the 6to4 address properly, the RAs are being announced
by the host with IPv4 address 75.196.207.17, which is a Verizon Wireless
data IP address. If this is you, can you please turn off connection
sharing while you're in the conference area? Also, I wouldn't mind
learning more about your configuration (if you're willing to chat) so
that I can replicate it in the lab. I am testing various defenses
against rogue RAs.
thanks,
michael
More information about the Attendee
mailing list