On 2014-12-27 17:37, Enno Rey wrote:
> true, but some (most) of them only apply in networks where multicasting/ND is fully supported which is not necessarily the case in the above type of networks.
Yes. I'm aware of the various types of solutions for security in IPv6 with shared VLANs. I was curious about what solution they used.
> and, from what I understand, in their scenario RAs are not sent to link-local scope all nodes (ff02::1), so that would eliminate another attack vector (depending on the actual processing of RAs on the CPEs).
In P2P-Eth you can always remove the CPE and connect your hacker PC instead, and then start to inject RAs. Depending on the network this will be handled or not. Now it sounds like they have a good solution in place, no L2 between customer ports.

/Anders