On 4/29/23 09:34, Andrei Borzenkov wrote:
On 29.04.2023 18:50, Lew Wolfgang wrote:
By the way, how do you mitigate the rogue RA problem? There's even a RFC about it? (RFC-6104) As mentioned, I've been affected by this at work.
And in our office someone connected an appliance with DHCPv4 server so in the morning nobody could access servers and routers. Where is the difference? If someone has physical access and/or administrator privileges all bets are off.
To prevent it you need to secure your infrastructure and do not allow anyone to access network unauthenticated. But it has nothing to do with IPv4 vs IPv6.
Of course, but on our network a Windows user could, through ignorance, configure her legitimately connect host to advertise a route to a second interface on her machine. That's different from malicious intent requiring overt compromise of the physical network. The Rogue Router Advertisement problem was so acute that an RFC was created. Indeed, the whole neighbor discovery process is funky. Regards, Lew