Feature Explorer AI AI

×

Subscribe now to get the Latest Updates

Watch a 2-minute overview video

Subscriber Services: Automatic validation of DHCPv6 client MAC addresses to reduce session hijacking

More Information:

Subscriber Services: Automatic validation of DHCPv6 client MAC addresses to reduce session hijacking

The DHCPv6 local server and relay agent automatically attempt to validate a client's MAC address to prevent accepting packets from malicious clients that attempt to hijack the client session. When DHCPv6 local servers and relay agents receive a solicit message from a client to establish a session, they extract the client MAC address (link-layer address) from the message and add it to a local table that maps MAC addresses to client IPv6 addresses or prefixes. They use this table to compare MAC addresses received in subsequent messages from the client to validate whether the client is known; if not, it is assumed to be malicious and the control packet is dropped. Because the packet has failed MAC validation, the client MAC validation counter is incremented.
Product / Application Software Introduced Release
MX5 Junos OS 18.2R1
MX10 Junos OS 18.2R1
MX40 Junos OS 18.2R1
MX80 Junos OS 18.2R1
MX104 Junos OS 18.2R1
MX204 Junos OS 18.2R1
MX240 Junos OS 18.2R1
MX301 Junos OS 25.4R1
MX304 Junos OS 22.2R3
MX480 Junos OS 18.2R1
MX960 Junos OS 18.2R1
MX2008 Junos OS 18.2R1
MX2010 Junos OS 18.2R1
MX2020 Junos OS 18.2R1
MX10003 Junos OS 18.2R1