nanog mailing list archives
Re: NIST IPv6 document
From: Owen DeLong <owen () delong com>
Date: Thu, 6 Jan 2011 10:20:06 -0800
On Jan 5, 2011, at 7:18 PM, Dobbins, Roland wrote:
> On Jan 6, 2011, at 10:08 AM, Joe Greco wrote:
>> Packing everything densely is an obvious problem with IPv4; we learned early on that having a 48-bit (32 address, 16 port) space to scan made port-scanning easy, attractive, productive, and commonplace.
>
> I don't believe that host-/port-scanning is as serious a problem as you seem to think it is, nor do I think that trying to somehow prevent hosts from being host-/port-scanned has any material benefit in terms of security posture, that's our fundamental disagreement.

You are mistaken... Host scanning followed by port sweeps is a very common threat and still widely practiced in IPv4.

> If I've done what's necessary to secure my hosts/applications, host-/port-scanning isn't going to find anything to exploit (overly-aggressive scanning can be a DoS vector, but there are ways to ameliorate that, too).

And there are ways to mitigate ND attacks as well.

> If I haven't done what's necessary to secure my hosts/applications, one way or another, they *will* end up being exploited - and the faux security-by-obscurity offered by sparse addressing won't matter a bit.

Sparse addressing is a win for much more than just rendering scanning useless, but, making scanning useless is still a win.

Owen