DHCPv6 default gateway option?

Fred Zwarts F.Zwarts at KVI.nl
Wed Dec 8 08:20:50 UTC 2010


---- Original Message ----
From: "Tim Gavin" <livewire98801 at gmail.com>
To: "Users of ISC DHCP" <dhcp-users at lists.isc.org>
Sent: Wednesday, December 08, 2010 8:58 AM
Subject: Re: DHCPv6 default gateway option?

> I don't understand the logic behind using the router for this, I don't
> like how much is built into IPv6.
> 
> All of my devices on our network have a bunch of IPv6 scopes attached
> to them.  It seems like a security problem to me that any router can
> route the traffic on a network.  I would hazard a guess that an
> infected machine could send plenty of advertisements, redirecting a
> large portion of traffic through itself.

An infected machine could send DHCP messages to change the default router as well.
I think the router is the most natural place to decide about routers.
Of course, systems should be protected against faked or intruded router advertisements 
and faked or intruded DHCP servers. 
Such a protection will not occur by adding such an option to the DHCP protocol.
It needs a proper filtering of network trafic, to allow RA only from known routers,
and to allow DHCP trafic only from/to DHCP servers.





More information about the dhcp-users mailing list