[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
IPv6 Confusion
On Thu, Feb 19, 2009, Nathan Ward wrote:
> So, those people don't use DHCP in IPv4 if this is a concern, so I'm
> guessing they are not hoping to use DHCPv6 either.
> Static configuration of IP addressing information and other
> configuration will work just fine for them.
>
> I wonder, do they use ARP?
In the corporate world, you get wonderful L2/L3 features in switches,
such as:
* helper address stuff, to run centralised DHCP servers
* dhcp sniffing/filtering
* per port L2/L3 filters
* dynamic arp inspection
which are used on corporate LANs to both build out scalable address
management platforms (ie, no need to run a DHCP server on each subnet,
nor one DHCP server with seperate vlan if's to provide service), control
access and mitigate security risks.
I don't know what the IPv6 LAN "snooping" functionality is across
vendors but the last time I checked this out (say, 2-3 years ago)
it was pretty lacking.
> The things you are talking about are about protecting against
> misconfiguration, not about protecting against malicious people.
See above.
Adrian