nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: NIST IPv6 document

From: Jack Bates <jbates () brightok net>
Date: Thu, 06 Jan 2011 11:17:30 -0600
On 1/6/2011 10:44 AM, Joe Greco wrote:

On the flip side, however, I would point out that attackers have had vastly
more resources made available to them in part *because* IPv4 has been so
easily scanned and abused.  To be sure, a lot of viruses have spread via
e-mail spam and drive-by downloads, and sparse addressing will not prevent
script kiddies from banging away on ssh brute force attacks against
www.yoursite.com.  But there's been a lot of spread through stupidity as
well.
A randomly setup ssh server without DNS will find itself brute force attacked. Darknets are setup specifically for detection of scans. One side effect of v6, is determining how best to deploy darknets, as we can't just take one or two blocks to do it anymore. We'll need to interweave the darknets with the production blocks. I wish it was possible via DHCPv6-PD to assign a block minus a sub-block (hey, don't use this /64 in the /48 I gave you). It could be that darknets will have to go and flow analysis is all we'll be left with. 


Jack
Previous By Date Next
Previous By Thread Next

Current thread: