[c-nsp] Blocking IPv6 on WiSM?

Phil Mayers p.mayers at imperial.ac.uk
Thu Aug 26 08:11:27 EDT 2010


On 26/08/10 12:14, Antonio Querubin wrote:
> On Thu, 26 Aug 2010, Phil Mayers wrote:
>
>> On 06/08/10 19:57, Phil Mayers wrote:
>>> All,
>>>
>>> We have occasional but serious problems with rogue IPv6 routers on our
>>> Cisco lightweight wireless service (WiSMs in 6500s). Win7/vista machines
>
> Might want to look at this use of scapy to detect and mitigate those
> effects:
>
> http://ipv6hawaii.org/?p=143

It's the same approach as "ramond", with the same limitations - as per 
my follow-up email, it doesn't solve the issue with rogue DHCPv6 servers 
attached to a WiSM; you can't ACL them off by UDP port (because the WiSM 
ACLs are IPv4 only) and they hand out DNS-over-v6 servers which then "go 
away" causing massive client timeout issues.
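
The rogue DHCPv6 server case described in this message can at least be detected passively. The following is an added example, not part of the original post or of ramond or the scapy script: it parses a DHCPv6 UDP payload, and for server messages from a source outside an allow-list it reports the DNS servers being handed out. The allow-list, addresses and sample packet are constructed assumptions.

```python
import ipaddress
import struct

# DHCPv6 message types sent by servers (RFC 8415) and the options we read.
SERVER_MSG_TYPES = {2: "ADVERTISE", 7: "REPLY"}
OPT_SERVERID, OPT_DNS_SERVERS = 2, 23   # option 23: RFC 3646 DNS servers

def parse_dhcpv6(payload):
    """Return (msg_type, {option_code: [raw values]}) for a UDP payload."""
    if len(payload) < 4:
        raise ValueError("truncated DHCPv6 header")
    msg_type, options, off = payload[0], {}, 4   # skip 3-byte transaction id
    while off < len(payload):
        if off + 4 > len(payload):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", payload, off)
        off += 4
        if off + length > len(payload):
            raise ValueError("option overruns packet")
        options.setdefault(code, []).append(payload[off:off + length])
        off += length
    return msg_type, options

def check_server_message(src_addr, payload, allowed_servers):
    """Return an alert dict for a server message from an unlisted source, else None."""
    msg_type, options = parse_dhcpv6(payload)
    if msg_type not in SERVER_MSG_TYPES or src_addr in allowed_servers:
        return None
    dns = []
    for raw in options.get(OPT_DNS_SERVERS, []):
        if len(raw) % 16:
            raise ValueError("bad DNS server option length")
        dns += [str(ipaddress.IPv6Address(raw[i:i + 16])) for i in range(0, len(raw), 16)]
    duid = options.get(OPT_SERVERID, [b""])[0].hex()
    return {"source": src_addr, "type": SERVER_MSG_TYPES[msg_type],
            "server_duid": duid, "dns_servers": dns}

def build_sample():
    """Constructed sample: an ADVERTISE with a Server ID and one DNS server."""
    duid = bytes.fromhex("00030001020000000001")        # DUID-LL, made-up MAC
    dns = ipaddress.IPv6Address("2001:db8::53").packed   # documentation prefix
    opts = struct.pack("!HH", OPT_SERVERID, len(duid)) + duid
    opts += struct.pack("!HH", OPT_DNS_SERVERS, len(dns)) + dns
    return bytes([2]) + b"\xab\xcd\xef" + opts

if __name__ == "__main__":
    allowed = {"fe80::1"}                                # assumed legitimate server
    print(check_server_message("fe80::bad:1", build_sample(), allowed))
    print(check_server_message("fe80::1", build_sample(), allowed))
```

Feed it the UDP payload and source address of packets sent from port 547 on the wireless VLAN; it only reports and does not block anything.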

