On Apr 15, 2014, at 10:46 AM, Toke Høiland-Jørgensen <[email protected]> wrote:
> As an example, consider a university campus network (or a conference
> network) running IPv4 only, and someone broadcasting an RA packet onto
> the open wireless. Suddenly everything goes offline and will stay that
> way (until the RA expires) since no legitimate RAs come along to tell
> hosts to turn IPv4 back on.

Hm, okay, I guess that in order to address that use case you do need to have a
DHCPOFFER override an IPv6 "no IPv4" advertisement. However, this still
creates a timing race during which an attack could occur. So I think that if
you really want to prevent IPv4 being shut off on an IPv4-only network by an
RA, you really need to have your own RA going out that offers no prefixes and
doesn't say "no IPv4" or else you need to filter IPv6 at layer 2 (which I tend
to think is a really bad idea, since it prevents ad-hoc link-local use of IPv6).

_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
