On 06/10/10 05:33, Tim Chown wrote:
The draft is focused on rogue RAs as that has been an operational issue for us in our dual-stack enterprise for quite some time. The potential for additional forms of 'badness' to come from RA-based DNS configuration are worth noting, but the mitigations in general are the same. There may be some additional mitigation methods specific to the DNS option/configuration.
Speaking as a DNS person, I can do a LOT more harm on your network if I can successfully direct your clients onto my malicious name server than rerouting their prefix information, and the name server hack will be much harder to detect.
Doug -- ... and that's just a little bit of history repeating. -- Propellerheads Improve the effectiveness of your Internet presence with a domain name makeover! http://SupersetSolutions.com/