… solutions continued Use L2 admission control (e.g. 802.1x) Denies attacker access to IP layer Use host-based packet filters Needs to be configured, possible issue with updates Use some auto-deprecate tool e.g. rafixd… feels somewhat kludgy… Enhance DHCPv6 to add default router support Radical change to IPv6 model Mentioned as desirable by a number of enterprise admins (but just pushes security issue to a different place) |