On Thu, Feb 19, 2009, Nathan Ward wrote: > So, those people don't use DHCP in IPv4 if this is a concern, so I'm > guessing they are not hoping to use DHCPv6 either. > Static configuration of IP addressing information and other > configuration will work just fine for them. > > I wonder, do they use ARP?
In the corporate world, you get wonderful L2/L3 features in switches, such as: * helper address stuff, to run centralised DHCP servers * dhcp sniffing/filtering * per port L2/L3 filters * dynamic arp inspection which are used on corporate LANs to both build out scalable address management platforms (ie, no need to run a DHCP server on each subnet, nor one DHCP server with seperate vlan if's to provide service), control access and mitigate security risks. I don't know what the IPv6 LAN "snooping" functionality is across vendors but the last time I checked this out (say, 2-3 years ago) it was pretty lacking. > The things you are talking about are about protecting against > misconfiguration, not about protecting against malicious people. See above. Adrian
