I was doing some packet scanning on one of my IPv6 enabled servers and I found traffic such as the following frequently (IPs slightly edited): 02:23:02.410360 IP6 fe80::ff78.546 > ff02::2.547: dhcp6 solicit Not having done too much ipv6 packet scanning yet I am curious to know if this is a mis-configured dhcp6 server somewhere? Is this a rather common thing to see in IPv6 traffic? The addresses are not mine, neither do I run a dhcpv6 daemon (no need for it). Thanks, Jeroen -- http://goldmark.org/jeff/stupid-disclaimers/ http://linuxmafia.com/~rick/faq/plural-of-virus.html
On Wed, 09 Mar 2011 18:20:12 PST, Jeroen van Aart said:
I was doing some packet scanning on one of my IPv6 enabled servers and I found traffic such as the following frequently (IPs slightly edited):
02:23:02.410360 IP6 fe80::ff78.546 > ff02::2.547: dhcp6 solicit
The addresses are not mine, neither do I run a dhcpv6 daemon (no need for it).
The addresses *are* yours (sort of, the same way that in IPv4, 127.0.0.1 belongs to you even though it's in a netblock assigned to IANA rather than you). fe80: is a prefix for "link level" addresses (basically "only valid on this subnet"), and is what the machine asking for the dhcp6 uses so it has *an* address it can use (or more correctly, so that the machine that replies can fill in a destination for the reply). Meanwhile, ff02::2 is a reserved address for "all routers on the network segment". You can probably pull the mac address out of that fe80:: address, as it's an EUI-64. For example, on my laptop I have: inet6 addr: fe80::224:d6ff:fe53:c5ba/64 Scope:Link Pull out the 'ff:fe', take out that first 2, and my MAC address is 00:24:d6:53:c5:ba. Hope that helps you find the offending box that is under the impression that dhcp6 *is* needed. ;)
participants (2)
-
Jeroen van Aart
-
Valdis.Kletnieks@vt.edu