Lew Wolfgang wrote:
On 4/29/23 11:42, Per Jessen wrote:
Of course, but on our network a Windows user could, through ignorance, configure her legitimately connect host to advertise a route to a second interface on her machine. I guess your corporate networking policy is very different to anything I have seen in over thirty years. My wife works for a bank - there is virtually nothing she can do to her laptop.
It's a large research environment.
I'm not sure if that explains the lax security policies :-)
That's different from malicious intent requiring overt compromise of the physical network. The Rogue Router Advertisement problem was so acute that an RFC was created. Indeed, so acute it was left to rot ever since. If you have read the RFC (I have now), it is clear there is nothing acute about that issue, it virtually never happens.
It happened to us.
Exception to prove the rule, I would say. Lew, you bring it up here, amongst some people who have been doing ipv6 networking for fifteen years and more, and all you get is a "shrug". I think that says exactly how acute the problem is. For my own environment: * nobody unauthorised has access to the datacentre * nobody unauthorised has access to our offices * unauthorised guest devices don't get ipv6. * hosted (virtual or real) customers are very much locked down. -- Per Jessen, Zürich (15.8°C) Member, openSUSE Heroes (2016 - present) We're hiring - https://en.opensuse.org/openSUSE:Heroes