turning on comcast v6

Owen DeLong owen at delong.com
Sat Jan 4 19:03:21 UTC 2014

> For IPv6, you can become a/the router for a segment with the origination of a single packet. Instantly.  That’s something you can never do with DHCPv4.

A router, yes. THE router, not unless the network is very stupidly put together.

>> Well… Sure, 15 years after DHCP attacks first started being a serious problem… I doubt it will take anywhere near 15 years for RA guard on by default to be the norm in switches, etc.
> It'll **NEVER** be a default because it breaks too many clueless people's networks.  Just like, surprise, DHCP "guard" isn't on by default in any gear I'm aware of.

I disagree. Unlike with DHCP guard, RA guard can make reasonable predictions in most cases. Switches with “uplink” ports designated, for example, could easily default to permitting RAs only from those ports.


