On Thu, Feb 19, 2009, Nathan Ward wrote:
So, those people don't use DHCP in IPv4 if this is a concern, so I'm guessing they are not hoping to use DHCPv6 either. Static configuration of IP addressing information and other configuration will work just fine for them.
I wonder, do they use ARP?
In the corporate world, you get wonderful L2/L3 features in switches, such as:

* helper address stuff, to run centralised DHCP servers
* dhcp sniffing/filtering
* per port L2/L3 filters
* dynamic arp inspection

which are used on corporate LANs to both build out scalable address management platforms (i.e., no need to run a DHCP server on each subnet, nor one DHCP server with separate vlan if's to provide service), control access and mitigate security risks.

I don't know what the IPv6 LAN "snooping" functionality is across vendors but the last time I checked this out (say, 2-3 years ago) it was pretty lacking.
The things you are talking about are about protecting against misconfiguration, not about protecting against malicious people.
See above.

Adrian