On Jan 3, 2014, at 7:52 PM, Owen DeLong <o...@delong.com> wrote:
> Well… Sure, 15 years after DHCP attacks first started being a serious
> problem… I doubt it will take anywhere near 15 years for RA guard on by
> default to be the norm in switches, etc.
I count over a dozen ethernet switches in my home that do not have DHCP guard.
Indeed, half of them do not have a management interface at all. Even my
"business class cable modem" does not implement DHCP guard on it's integrated
switch.
I also don't know of a single device, from any vendor, that turns DHCP guard on
by default. I'd appreciate pointers if there is one.
I know a half dozen people sent some form of "don't do that" when I gave the
example of plugging in a "rogue" router with my corporate scenario. Maybe in a
corporate scenario that's plausible, there will be intelligent admins (ha!).
What happens when Joe Home User buys a new Linksys and wants to plug it in to
get a firmware update before installing it? Are we really supposed to expect
that every Joe Homeowner understands RA Guard and configures it for their home
network?
--
Leo Bicknell - bickn...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
