The Layer-2 Insecurities of IPv6 and the Mitigation Techniques

The Neighbor Discovery Protocol (NDP) was specified without security in mind and before the IPv4 ARP/DHCP spoofing attacks existed; hence, NDP suffers from the same flaws as ARP. The most well-known attacks against NDP are rogue RA (quite often caused by misconfiguration), NDP spoofing and NDP cache exhaustion. This session details the different attacks and presents the work done in the IETF SAVI working group and its implementation on existing switches and routers. Secure Neighbor Discovery will also be briefly discussed.



  • Eric Vyncke

Networking security

