[ntp:questions] FYI - IPv6 Increasingly Requires Close Clock Synchronization ...

John Spence, CCSI, CCNA, CISSP jspence at native6.com
Thu Jan 27 23:25:34 UTC 2005


Just an FYI.

IPv6 will soon have a new RFC (currently awaiting IESG approval) from the
Securing Neighbor Discovery (SEND) working group, now concluded, describing
how link-local nodes may enable authentication to improve on-link security.
This addresses many of the same attacks common in IPv4 ARP, where malicious
nodes can cause other nodes to change their ARP cache information and
misdirect packets.  SEND also includes authentication for router
advertisements.

One mechanism used is to send some Neighbor Discovery messages with a new
"Timestamp" option, to guard against replay attacks.  This will require
close (while not perfect) synchronization between all nodes using SEND on a
link.

So, at least for highly secure IPv6 environments, NTP synchronization of
clients, servers, and routers will all be important to proper protocol
operation.

----------------------------------------------------
John Spence, CCSI, CCNA, CISSP
Native6, Inc.
IPv6 Training and Consulting
jspence at native6.com
www.native6.com
----------------------------------------------------
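
The dependence on clock synchronization described in the message above, as an added example that is not part of the original post: a receiver-side freshness check for a SEND-style Timestamp option. The class and function names are hypothetical, and the delta, fuzz and drift tolerances are assumptions modeled on the defaults later published in RFC 3971.

```python
# Added illustration: receiver-side freshness check for a SEND-style Timestamp option.
# Tolerances are this example's assumptions, modeled on the RFC 3971 defaults.
TIMESTAMP_DELTA = 300.0   # max |receive time - timestamp| for a peer not seen before (s)
TIMESTAMP_FUZZ = 1.0      # allowance for timestamp granularity (s)
TIMESTAMP_DRIFT = 0.01    # allowance for relative clock drift (1 %)


class TimestampCache:
    """Per-peer record of the last accepted (receive time, timestamp) pair."""

    def __init__(self):
        self._last = {}  # peer -> (rd_last, ts_last)

    def check(self, peer, ts_new, rd_new):
        """Return (accepted, reason); ts_new is the sender's clock, rd_new the receiver's."""
        if peer not in self._last:
            # First contact: only absolute clock agreement can show freshness.
            if abs(rd_new - ts_new) >= TIMESTAMP_DELTA:
                return False, "clock offset exceeds delta"
            self._last[peer] = (rd_new, ts_new)
            return True, "new peer accepted"
        rd_last, ts_last = self._last[peer]
        # Known peer: the timestamp must have advanced about as much as local time did.
        floor = ts_last + (rd_new - rd_last) * (1 - TIMESTAMP_DRIFT) - TIMESTAMP_FUZZ
        if ts_new + TIMESTAMP_FUZZ <= floor:
            return False, "stale or replayed timestamp"
        if ts_new > ts_last:
            self._last[peer] = (rd_new, ts_new)
        return True, "fresh"


def demo():
    """Constructed scenario: a synchronized router, a replay, and a skewed host."""
    cache = TimestampCache()
    t0 = 1_106_868_334.0  # constructed receiver clock value
    return [
        cache.check("router-a", ts_new=t0 - 0.2, rd_new=t0),            # in sync
        cache.check("router-a", ts_new=t0 + 59.9, rd_new=t0 + 60),      # normal follow-up
        cache.check("router-a", ts_new=t0 - 0.2, rd_new=t0 + 120),      # first message replayed
        cache.check("host-b", ts_new=t0 + 130 - 900, rd_new=t0 + 130),  # clock 15 min behind
    ]


if __name__ == "__main__":
    for accepted, reason in demo():
        print(accepted, reason)
```

The last case is the operational point: a legitimate but unsynchronized node is rejected exactly like a replay, so monitoring NTP offset on SEND-enabled links is part of keeping Neighbor Discovery working.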



