[72attendees] Rogue 6to4 RA on wireless network
Tim Chown <tjc@ecs.soton.ac.uk> Wed, 30 July 2008 08:51 UTC
Return-Path: <72attendees-bounces@ietf.org>
X-Original-To: 72attendees-archive@ietf.org
Delivered-To: ietfarch-72attendees-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5CA703A6B9B; Wed, 30 Jul 2008 01:51:29 -0700 (PDT)
X-Original-To: 72attendees@core3.amsl.com
Delivered-To: 72attendees@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7F0CE3A68EF for <72attendees@core3.amsl.com>; Wed, 30 Jul 2008 01:51:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MD9jCxnFEDCZ for <72attendees@core3.amsl.com>; Wed, 30 Jul 2008 01:51:23 -0700 (PDT)
Received: from owl.ecs.soton.ac.uk (owl.ecs.soton.ac.uk [IPv6:2001:630:d0:f102:230:48ff:fe77:96e]) by core3.amsl.com (Postfix) with ESMTP id C773D3A6B3B for <72attendees@ietf.org>; Wed, 30 Jul 2008 01:51:21 -0700 (PDT)
X-ECS-MailScanner-Watermark: 1218012693.15909@3KaFIN+2WpqI2LpZoPq2gQ
Received: from gander.ecs.soton.ac.uk ([IPv6:2001:630:d0:f102:21d:9ff:fe22:9fc]) by owl.ecs.soton.ac.uk (8.13.1/8.13.1) with ESMTP id m6U8pTjg022088 for <72attendees@ietf.org>; Wed, 30 Jul 2008 09:51:29 +0100
Received: from login.ecs.soton.ac.uk (login.ecs.soton.ac.uk [IPv6:2001:630:d0:f102:230:48ff:fe59:5f12]) by gander.ecs.soton.ac.uk (8.13.8/8.13.8) with ESMTP id m6U8pLK8007772 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <72attendees@ietf.org>; Wed, 30 Jul 2008 09:51:21 +0100
Received: from login.ecs.soton.ac.uk (localhost.localdomain [127.0.0.1]) by login.ecs.soton.ac.uk (8.13.8/8.11.6) with ESMTP id m6U8pLZJ004184 for <72attendees@ietf.org>; Wed, 30 Jul 2008 09:51:21 +0100
Received: (from tjc@localhost) by login.ecs.soton.ac.uk (8.13.8/8.13.8/Submit) id m6U8pLnd004183 for 72attendees@ietf.org; Wed, 30 Jul 2008 09:51:21 +0100
Date: Wed, 30 Jul 2008 09:51:21 +0100
From: Tim Chown <tjc@ecs.soton.ac.uk>
To: 72attendees@ietf.org
Message-ID: <20080730085121.GA2957@login.ecs.soton.ac.uk>
Mime-Version: 1.0
Content-Disposition: inline
User-Agent: Mutt/1.4.2.2i
X-ECS-MailScanner-ID: m6U8pLK8007772
X-ECS-MailScanner: Found to be clean, Found to be clean
X-ECS-MailScanner-Information: Please contact the ISP for more information
X-MailScanner-ID: m6U8pTjg022088
X-ECS-MailScanner-From: tjc@ecs.soton.ac.uk
Subject: [72attendees] Rogue 6to4 RA on wireless network
X-BeenThere: 72attendees@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Discussion list for the attendees of IETF 72 meeting." <72attendees.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/72attendees>, <mailto:72attendees-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/72attendees>
List-Post: <mailto:72attendees@ietf.org>
List-Help: <mailto:72attendees-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/72attendees>, <mailto:72attendees-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: 72attendees-bounces@ietf.org
Errors-To: 72attendees-bounces@ietf.org
Hi, We still have a rogue RA on the wireless network today, the same one as yesterday. The Ethernet source of the RA is an Intel adapter 00:19:d2:7f:a6:52. The IPv6 source is fe80::6c4e:8ed1:3ad2:4cc4 which might be a Windows Vista 'randomised' host address. It's advertising prefix 2002:8281:1394:9:: so has IPv4 addr 130.129.19.148. It's also offering an fec0:: prefix so is probably running Windows ICS (perhaps because the system has IPv6 on but is filtering incoming IPv6 RAs in the host firewall?) Anyone got any other clues? Anything the local ops guys can do? :) Tim _______________________________________________ 72attendees mailing list 72attendees@ietf.org https://www.ietf.org/mailman/listinfo/72attendees
- [72attendees] Rogue 6to4 RA on wireless network Tim Chown
- Re: [72attendees] Rogue 6to4 RA on wireless netwo… Marshall Eubanks
- Re: [72attendees] Rogue 6to4 RA on wireless netwo… Joel Jaeggli