Mac OS X 10.7, still no DHCPv6

Owen DeLong owen at delong.com
Sun Feb 27 17:04:55 CST 2011


But the ND messages don't tell you anything other than the MAC
address about which host it actually is. In theory, at least, snooping
the DHCP messages might include a hostname or some other
useful identifier.

Owen

On Feb 27, 2011, at 11:53 AM, Richard Barnes wrote:

> In fairness, said device can do the same sort of inspection of SLAAC
> traffic.  It just looks at neighbor discovery messages instead of DHCP
> messages.
> 
> <http://tools.ietf.org/html/draft-ietf-savi-fcfs>
> 
> 
> On Sun, Feb 27, 2011 at 2:17 PM, Leigh Porter
> <leigh.porter at ukbroadband.com> wrote:
>> 
>> 
>> On 27 Feb 2011, at 19:07, Antonio Querubin wrote:
>> 
>>> On Sun, 27 Feb 2011, Mikael Abrahamsson wrote:
>>> 
>>>> On Sun, 27 Feb 2011, Leigh Porter wrote:
>>>> 
>>>>> Does anybody have anything neat to keep logs of what host gets what IPv6 address in an SLAAC environment?
>>>> 
>>>> You'd have to correlate ND information in the router to some kind of record of who has what MAC address at any given time. With SLAAC the host doesn't "get" an IPv6 address, it "takes" one.
>>>> 
>>>>> This is often required for legislation compliance. DHCP does this well.
>>>> 
>>>> Which is one of the reasons why some of us want DHCPv6 support in hosts.
>>> 
>>> So how does DHCP prevent a host from just taking or hijacking an IP address?
>>> 
>>> Antonio Querubin
>>> e-mail/xmpp:  tony at lava.net
>>> 
>> 
>> You can have devices that peek at the DHCP messages and then open filters so that you at least know that any host that pops up on the network has used DHCP to obtain an IP address.
>> 
>> Now you cannot usually prevent somebody from later hijacking that IP address using a fake MAC unless you do something else as well but at least you have something of a stateful relationship between a host and the IP address it uses.
>> 
>> 
>> --
>> Leigh Porter
>> 
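
Added example, not part of the original thread: one way to keep the address log discussed above in an SLAAC environment, by recording IPv6-to-MAC bindings from neighbor-table snapshots on a first-come, first-served basis and flagging a later claim of the same address from a different MAC. It assumes timestamped lines in the Linux `ip -6 neigh show` output format; the sample data, function names and event labels are constructed for illustration and are not taken from the cited draft.

```python
import ipaddress

# Constructed sample: a timestamp followed by one `ip -6 neigh show` line.
SAMPLE = """\
2011-02-27T19:00:00 2001:db8::211:22ff:fe33:4455 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
2011-02-27T19:00:00 2001:db8::c0de:1 dev eth0 lladdr 00:aa:bb:cc:dd:01 STALE
2011-02-27T19:05:00 2001:db8::211:22ff:fe33:4455 dev eth0 lladdr 00:aa:bb:cc:dd:01 REACHABLE
2011-02-27T19:05:00 2001:db8::dead dev eth0  FAILED
"""

def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, or None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None  # privacy, static or otherwise non-EUI-64 address
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # undo the U/L bit flip
    return ":".join(f"{b:02x}" for b in mac)

def audit(lines):
    """Build a first-come, first-served address log and return its events."""
    bindings, events = {}, []
    for line in lines:
        fields = line.split()
        if "lladdr" not in fields:
            continue  # INCOMPLETE/FAILED entries carry no MAC to record
        ts = fields[0]
        addr = str(ipaddress.IPv6Address(fields[1]))  # canonical form
        mac = fields[fields.index("lladdr") + 1].lower()
        if addr not in bindings:
            bindings[addr] = mac  # the first claimant owns the binding
            # An EUI-64 address whose embedded MAC differs from the
            # observed one is worth a second look even on first sight.
            ok = eui64_mac(addr) in (None, mac)
            events.append((ts, "NEW" if ok else "NEW_EUI64_MISMATCH", addr, mac))
        elif bindings[addr] != mac:
            # Same address, different MAC: the hijack case from the thread.
            events.append((ts, "CONFLICT", addr, mac))
    return bindings, events

if __name__ == "__main__":
    for event in audit(SAMPLE.splitlines())[1]:
        print(*event)
```

As the thread notes, this log identifies a host only by its MAC address; tying that to a person or machine still needs a separate record such as switch-port or 802.1X data.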




