Hello,
How are RouterOS dealing with ipv6 security?
I know there are other routers with RA guard and other security needs already implemented.
I would like to know if RouterOS currently have a way to implement it.
A security built-in or a possible filter or script to implement RA Guard e the other IPv6 security needs.
http://tools.ietf.org/html/rfc6105 (RFC6105)
and this for more information: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6553/whitepaper_c11-602135.html
all vendors not devoted to IPv6 at all.
generally when native IPv6 adoption increase, things change, i suppose[and vice versa].
basically im more concerned about lack of SEND support[or improved/fixed IPSec crypto/auth], rather than lack of RAG.
friends report about RIPng as working in ROS, btw.
hopeless fixing “broken by design” NDP wasn’t went to anyway, aside SEND.
This is the problem, there are cisco routers with RA guard and others security on ipv6 already functioning and i wonder when mikrotik will have this included.
With IPv6 without security anyone can impersonate a router, spoof, snif, dos, on a ipv6 network without any security.
I am not expert in this, but if someone experienced would try to make some filter rules to do the basic needed to put ipv6 in a production environment, it would be very nice.
Unless they update the RA Guard spec to make it less easily hacked I don’t see it being much help. Anyway - it would be need to be on switches to be of any real use.
RAG was temporally grimmick. ie “quick-fix”.
adopt SEND !!
https://en.wikipedia.org/wiki/Secure_Neighbor_Discovery_Protocol
https://tools.ietf.org/html/rfc4861
https://tools.ietf.org/html/rfc3971 [v4]