There are number of issues that can be discussed when thinking about this.
- Stateless Autoconfiguration: without any authentication you have no level of security. Put differently, you have the same level of security as if you're doing ARP for IPv4--zilch.
- Neighbor Solicitation: Neighbor A queries for the L2 address of a Neighbor B; Neighbor B can reply with L2 address. Now L2 address are exchanged, they can communicate on the link between them.
- Duplicate Address Detection: Neighbor A solicits to verify that an IP address is configured.
This is protected through Secure Neighbor Discovery (SEND) RFC 3971.
- SEND require RSA Signature and one of the following:
- CGA (Cryptographically Generated Addresses) options in all solicitations
- responding nodes to NS to proof of authorization
- responding nodes in NA to have proof of authorization
- requires an advertisement to include a matching NONCE option in the solicitation.
Edutainer Manager, ITProTV
*if the post above has answered the question, please mark as solved.
**All "answers" and responses are offered "as is" and my opinion. There is no implied service, support, or guarantee by ITProTV.