-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday, 2023-04-29 at 19:34 +0300, Andrei Borzenkov wrote:
On 29.04.2023 18:50, Lew Wolfgang wrote:
By the way, how do you mitigate the rogue RA problem? There's even a RFC about it? (RFC-6104) As mentioned, I've been affected by this at work.
And in our office someone connected an appliance with DHCPv4 server so in the morning nobody could access servers and routers. Where is the difference? If someone has physical access and/or administrator privileges all bets are off.
To prevent it you need to secure your infrastructure and do not allow anyone to access network unauthenticated. But it has nothing to do with IPv4 vs IPv6.
At a school where I was getting a training (on networking) the teacher commented that someone created a virtual machine in one of the Windows machines. Using Vmware Player. It was part of the training (another one, another group). Well, but the virtual machine was running a DHCP server... next thing, the people in the administrative section commented and said they could not use their computer. The entire school ADSL router happened to be in that schoolroom :-) It drove them nuts, exploring the entire school. - -- Cheers, Carlos E. R. (from openSUSE 15.4 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCZE1byxwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVyOQAniJuq4l9T0HOaPrm49bA a3pHlssnAKCQjUauo+XudO25O7iWbG5s75tRAw== =LGLd -----END PGP SIGNATURE-----