dslreports logo
    All Forums Hot Topics Gallery


Search Topic:
share rss forum feed

Raleigh, NC

2 recommendations

reply to whfsdude

Re: IPv6 for residential users

Well the same can be said for DHCP.

Actually, DHCP is a lot more tame.

Rogue RA vs Rogue DHCP:

Rogue RA... hosts on the network will immediately respond to any RAs. That means building an address and routing to whom ever is claiming to be origin of the RA. It doesn't have to be a different prefix. And the RA is trivial to spoof. (not that many lans carry enough traffic to "DoS" a single machine, making spoofing a bad idea unless you want to be detected almost immediately.) And as was recently reported, windows systems have no upper bounds on the number of RAs they will obey, which results in a very effective, instant DoS. (mac and linux limit is 15)

Rogue DHCP... has zero immediate effect on the network. Hosts that already have an address won't notice it at all -- they will continue the normal unicast renewal process. Only new devices will possibly notice it during the broadcast discovery phase. Which ever dhcp server gets an answer to the client first wins. The rogue is not guaranteed to win that race. And history has shown foreign dhcp servers tend to call attention to themselves by making a mess, but even where care is taken to minimize problems, they won't be completely eliminated.

In the end, rogue dhcp is a long term hack that doesn't always work. Rogue RA always works, instantly. Most random hacks aren't done by people willing to wait days for their hacks to be fruitful.