Folks, A few months ago I had published a couple of IETF Internet-Drafts to tackle the problem of RA-Guard evasion -- A summary of the problem and pointers to relevant materials is available at: http://blog.si6networks.com/2011/09/router-advertisement-guard-ra-guard.html The two I-Ds are: * http://tools.ietf.org/id/draft-gont-v6ops-ra-guard-evasion-01.txt * http://tools.ietf.org/id/draft-gont-6man-nd-extension-headers-01.txt The former one explains the different attack vectors, and proposes operational counter-measures. The latter proposes a longer-term solution. I'm planning to revise these two I-Ds soon, so any comments/feedback/discussion would be really welcome. P.S.: In case you haven't, you may want to join the IPv6 Hackers mailing-list: http://www.si6networks.com/community/mailing-lists.html Thanks! Best regards, -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com web: http://www.si6networks.com