On Feb 27, 2011, at 10:25 25AM, Dobbins, Roland wrote:
On Feb 27, 2011, at 10:22 PM, Mikael Abrahamsson wrote:
Which is one of the reasons why some of us want DHCPv6 support in hosts.
Also for traceback when hunting down compromised/abusive hosts.
You really need to look at switch logs for that, even with IPv4: http://www.cs.columbia.edu/~smb/talks/arp-attack.pdf

Also don't forget privacy-enhanced addresses.

We all know that bad guys make up addresses whenever it suits their needs. (I'm part of an ongoing discussion about a currently-active series of incidents, all relying on spoofed source addresses.) DHCP logs or configurations are not going to help against the folks we really care about. For the ankle-biters -- well, SLAAC is better in many ways, since the IP address itself tells you the MAC address, which makes applying filters so much easier...

I'm not saying there are no uses for DHCPv6, though I suspect that some of the reasons proposed are more people wanting to do things the way they always do, rather than making small changes and ending up with equivalent effort. I am saying that security is not a strong argument.

--Steve Bellovin, http://www.cs.columbia.edu/~smb
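
Added example, not part of the original message: a sketch of how the MAC address is recovered from a SLAAC address whose interface identifier is in modified EUI-64 form, and how privacy-enhanced addresses fall out as unattributable. The function names and sample addresses are constructed for illustration.

```python
import ipaddress
from collections import defaultdict


def mac_from_slaac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, else None."""
    # Tolerate a zone index or prefix length copied from a log line.
    ip = ipaddress.IPv6Address(addr.split("%")[0].split("/")[0])
    iid = ip.packed[8:]  # low 64 bits: the interface identifier
    # Modified EUI-64 puts ff:fe between the two halves of the MAC.
    # Privacy (temporary) addresses use a random IID and almost never match.
    if iid[3:5] != b"\xff\xfe":
        return None
    # The universal/local bit is inverted in the IID; flip it back.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def group_by_mac(addresses):
    """Map candidate MAC -> source addresses; None collects the rest."""
    groups = defaultdict(list)
    for a in addresses:
        groups[mac_from_slaac(a)].append(a)
    return dict(groups)


# Constructed sample addresses (documentation prefix 2001:db8::/32).
SAMPLE = [
    "2001:db8:1:2:21a:2bff:fe3c:4d5e",   # EUI-64 derived global address
    "fe80::21a:2bff:fe3c:4d5e%eth0",     # same host, link-local
    "2001:db8:1:2:9c4e:71a3:5b0d:e812",  # privacy-style random IID
]

if __name__ == "__main__":
    for mac, addrs in group_by_mac(SAMPLE).items():
        print(mac or "no embedded MAC", addrs)
```

A MAC recovered this way is only a candidate for filtering: a made-up source address can carry any interface identifier, so it still has to be confirmed against switch logs.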