nanog mailing list archives
Re: European ISP enables IPv6 for all?
From: Danny McPherson <danny () tcb net>
Date: Mon, 17 Dec 2007 22:58:28 -0700
On Dec 17, 2007, at 10:37 PM, Steven M. Bellovin wrote:
On Mon, 17 Dec 2007 15:29:21 -0800 "Christopher Morrow" <morrowc.lists () gmail com> wrote:how does it improve data security exactly?Back in 1994, it was expected to be true because v6 would mandate IPsec, and v6 would be deployed long before the installed base of v4 machines would be upgraded to IPsec. Obviously, that's not what happened; while IPsec was indeed late in coming, v6 was even later, so the original belief has been OBE. The mythos, however, hasn't caught up. Similar statements can be made about stateless autoconfig vs. v4 DHCP.
Perhaps the concept also holds true because there's a smaller target market for the moment, and attackers are all about ROI. We've certainly seen this at other layers of the stack. However, not sure I'd posit as such.
In a slightly more realistic vein, a huge address space makes life harder for scanning worms. As Angelos Keromytis, Bill Cheswick, and I have pointed out, "harder" is by no means equivalent to "impossible", but the myth, new as it is, still propagates.
As will the worms and malware, I suppose, though perhaps with more thought-out propagation vectors that employ not only local prefix scanning, but nifty things like walking ip6.arpa or the like for presumable denser host existence. Then again, who needs self propagation, when client-side attacks seem to be more than sufficient. -danny
Current thread:
- European ISP enables IPv6 for all? Sean Siler (Dec 17)
- Re: European ISP enables IPv6 for all? Stuart Henderson (Dec 17)
- RE: European ISP enables IPv6 for all? Sean Siler (Dec 17)
- Re: European ISP enables IPv6 for all? Christopher Morrow (Dec 17)
- Re: European ISP enables IPv6 for all? Randy Bush (Dec 17)
- Re: European ISP enables IPv6 for all? Steven M. Bellovin (Dec 17)
- Re: European ISP enables IPv6 for all? Danny McPherson (Dec 17)
- Re: European ISP enables IPv6 for all? Roland Dobbins (Dec 17)
- Re: European ISP enables IPv6 for all? Iljitsch van Beijnum (Dec 18)
- Re: European ISP enables IPv6 for all? Adrian Chadd (Dec 18)
- Re: European ISP enables IPv6 for all? Steven M. Bellovin (Dec 18)
- Re: European ISP enables IPv6 for all? John Kristoff (Dec 18)
- Message not available
- Re: European ISP enables IPv6 for all? Iljitsch van Beijnum (Dec 19)
- Re: European ISP enables IPv6 for all? Mohacsi Janos (Dec 19)
- Re: European ISP enables IPv6 for all? Christopher Morrow (Dec 17)
- Re: European ISP enables IPv6 for all? Vassili Tchersky (Dec 18)
- Re: European ISP enables IPv6 for all? Jeroen Massar (Dec 18)