I have a client that is running IPv4 on their network and not IPv6, but of course IPv6 is enabled on all the Windows boxes. They had an issue today where they had tons of IPv6 router advertisements flooding through their VPLS cloud, all sourced from a MAC address that could not be located on their network. I did a packet capture and saw that all IPv6 router advertisements to the multicast address were from the same source MAC. From reading various articles, this appears to be an IPv6 Router Advertisement spoofing/flooding attack. I have seen ways of mitigating the attack via Windows, but is there a way to do this on Cisco via a central point? Seeing as the client is not using IPv6, I guess I could use an IPv6 access list to deny all IPv6 traffic and apply it to all 40 VPLS routers. Has anyone come across this and have a better way of mitigating this?
Thanks in advance,
Mike
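
The capture check described in the post (router advertisements to the all-nodes multicast address, grouped by source MAC), as an added example that is not part of the original post. The frames are constructed sample data, and the function names, MAC addresses and threshold are assumptions.

```python
import struct
from collections import Counter

ETH_IPV6, ETH_DOT1Q = 0x86DD, 0x8100
ICMPV6, RA_TYPE, RS_TYPE = 58, 134, 133
ALL_NODES = bytes.fromhex("ff020000000000000000000000000001")  # ff02::1

def ra_source_mac(frame):
    """Return the source MAC if frame is an ICMPv6 RA sent to ff02::1, else None.
    Limitation: IPv6 extension headers are not walked."""
    if len(frame) < 14:
        return None
    ethertype, offset = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == ETH_DOT1Q and len(frame) >= 18:  # skip one 802.1Q tag
        ethertype, offset = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype != ETH_IPV6 or len(frame) < offset + 41:
        return None
    ip = frame[offset:offset + 40]
    if ip[0] >> 4 != 6 or ip[6] != ICMPV6 or ip[24:40] != ALL_NODES:
        return None
    if frame[offset + 40] != RA_TYPE:
        return None
    return frame[6:12].hex(":")

def flooding_macs(frames, threshold):
    """Map source MAC -> RA count for MACs with at least `threshold` RAs."""
    counts = Counter(m for m in map(ra_source_mac, frames) if m)
    return {mac: n for mac, n in counts.items() if n >= threshold}

def build_frame(src_mac, icmp_type=RA_TYPE, dst_ip=ALL_NODES):
    """Construct a minimal Ethernet/IPv6/ICMPv6 frame (sample data only)."""
    eth = (bytes.fromhex("333300000001") + bytes.fromhex(src_mac.replace(":", ""))
           + struct.pack("!H", ETH_IPV6))
    icmp = bytes([icmp_type, 0]) + bytes(14)  # checksum and RA fields zeroed
    src_ip = bytes.fromhex("fe80" + "00" * 14)
    ip = struct.pack("!IHBB", 6 << 28, len(icmp), ICMPV6, 255) + src_ip + dst_ip
    return eth + ip + icmp

# Constructed capture: five RAs from one MAC, one RA from another, and one
# router solicitation that must not be counted.
SAMPLE = ([build_frame("02:00:00:00:00:aa") for _ in range(5)]
          + [build_frame("02:00:00:00:00:bb")]
          + [build_frame("02:00:00:00:00:aa", icmp_type=RS_TYPE)])

if __name__ == "__main__":
    for mac, n in flooding_macs(SAMPLE, threshold=3).items():
        print(f"{mac} sent {n} router advertisements to ff02::1")
```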