A security administrator receives reports that several workstations are unable to access resources within one network segment. A packet capture shows the segment is flooded with ICMPv6 traffic from the source 21ae:4571:42ab:1fdd and for the destination 1.

Which of the following should the security administrator integrate into the network to help prevent this from occurring?

A. Raise the dead peer detection interval to prevent the additional network chatter
B. Deploy honeypots on the network segment to identify the sending machine
C. Ensure routers will use route advertisement guards
D. Deploy ARP spoofing prevention on routers and switches

1 Answer

Final answer:

To prevent a network segment from being flooded with ICMPv6 traffic, typically indicative of a DoS attack, deploying Route Advertisement Guard (RAG) is a recommended solution. This security measure will filter out illegitimate IPv6 Router Advertisements, thereby mitigating such attacks.

Step-by-step explanation:

The security administrator is dealing with a network segment that is flooded with ICMPv6 traffic, which is likely the result of a Denial of Service (DoS) attack. Since ICMPv6 traffic is related to the IPv6 protocol, none of the solutions related to ARP spoofing (which pertains to IPv4) would be effective. The use of Route Advertisement Guard (RAG), also known as Router Advertisement Guard, is a security feature that can prevent rogue IPv6 Router Advertisements. These unsolicited advertisements are often used in DoS attacks to misdirect traffic or overwhelm a network segment. Deploying RAG can help ensure that only legitimate router advertisements are processed, which in turn can mitigate the reported issue.
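
A simplified model of the per-port filtering that RA Guard applies on a switch (stateless mode, RFC 6105), as an added example that is not part of the original answer. It goes slightly beyond the answer by also walking IPv6 extension headers, which RFC 7113 recommends so a Router Advertisement cannot hide behind them; the port roles, function names and sample packets are assumptions constructed for illustration.

```python
import struct

ICMPV6, RA_TYPE = 58, 134          # next-header value; ICMPv6 Router Advertisement type
EXT_HEADERS = {0, 43, 60}          # hop-by-hop, routing, destination options
FRAGMENT, UNDETERMINED = 44, -1

def icmpv6_type(packet: bytes):
    """Walk the IPv6 header chain. Returns the ICMPv6 type, None when the upper
    layer is not ICMPv6, or UNDETERMINED when the chain cannot be followed."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return UNDETERMINED
    nxt, off = packet[6], 40
    while True:
        if nxt == ICMPV6:
            return packet[off] if off < len(packet) else UNDETERMINED
        if nxt in EXT_HEADERS and off + 2 <= len(packet):
            nxt, off = packet[off], off + (packet[off + 1] + 1) * 8
        elif nxt == FRAGMENT and off + 8 <= len(packet):
            if struct.unpack_from("!H", packet, off + 2)[0] >> 3:
                return None        # non-first fragment carries no upper-layer header
            nxt, off = packet[off], off + 8
        elif nxt in EXT_HEADERS or nxt == FRAGMENT:
            return UNDETERMINED    # extension header is truncated
        else:
            return None            # TCP, UDP or another upper-layer protocol

def ra_guard(port_role: str, packet: bytes) -> str:
    """Decide "forward" or "drop" for an IPv6 packet received on a switch port.
    port_role is "router" for uplinks to legitimate routers, "host" otherwise."""
    if port_role == "router":
        return "forward"           # Router Advertisements are expected here
    # Host-facing port: drop RAs, and anything whose header chain cannot be
    # parsed far enough to rule out an RA.
    return "drop" if icmpv6_type(packet) in (RA_TYPE, UNDETERMINED) else "forward"

def ipv6(next_header: int, payload: bytes) -> bytes:
    """Constructed sample packet: fixed IPv6 header (addresses zeroed) + payload."""
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 255) + bytes(32) + payload

# Constructed sample packets (not captured traffic)
RA = ipv6(ICMPV6, bytes([RA_TYPE, 0, 0, 0]) + bytes(12))
ECHO = ipv6(ICMPV6, bytes([128, 0, 0, 0]) + bytes(4))
RA_BEHIND_DSTOPTS = ipv6(60, bytes([ICMPV6, 0]) + bytes(6) + RA[40:])
RA_FIRST_FRAGMENT = ipv6(FRAGMENT, bytes([ICMPV6, 0, 0, 1]) + bytes(4) + RA[40:])
TRUNCATED_CHAIN = ipv6(60, bytes([ICMPV6, 3]))

if __name__ == "__main__":
    for name in ("RA", "ECHO", "RA_BEHIND_DSTOPTS", "RA_FIRST_FRAGMENT", "TRUNCATED_CHAIN"):
        print(f"{name:18} host port -> {ra_guard('host', globals()[name])}")
```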