Building network automation solutions

9 module online course

Start now!

We migrated our blog a few days ago, and the commenting functionality is not there yet. In the meantime enjoy the older comments, or find our content on LinkedIn and comment there.

2 comments:

  1. Sadly it doesn´t help against http://www.thc.org/thc-ipv6/
    HP and other vendors haven´t any working solution for that on, either.

  2. Chris,
    For sake of time, I was unable to cover all details.

    Using 'deny ip any any undetermined-transport' (where applicable) will actually prevent the fragmented attack.

    Using the ra-guard in the latest software release, you can combine this with an ACL to allow only a specific prefix to be advertized, also blocking the flooding attack.

    :-)

Sidebar