nanog mailing list archives
Re: NIST IPv6 document
From: Tim Chown <tjc () ecs soton ac uk>
Date: Fri, 7 Jan 2011 14:17:41 +0000
On 6 Jan 2011, at 17:17, Jack Bates wrote:
A randomly setup ssh server without DNS will find itself brute force attacked. Darknets are setup specifically for detection of scans. One side effect of v6, is determining how best to deploy darknets, as we can't just take one or two blocks to do it anymore. We'll need to interweave the darknets with the production blocks. I wish it was possible via DHCPv6-PD to assign a block minus a sub-block (hey, don't use this /64 in the /48 I gave you). It could be that darknets will have to go and flow analysis is all we'll be left with.
As RFC6018 suggests, this could be done dynamically on any given active subnet. Tim
Current thread:
- Re: NIST IPv6 document, (continued)
- Re: NIST IPv6 document Bill Bogstad (Jan 06)
- Re: NIST IPv6 document Miquel van Smoorenburg (Jan 06)
- Re: NIST IPv6 document Joe Greco (Jan 06)
- Re: NIST IPv6 document Dobbins, Roland (Jan 05)
- Re: NIST IPv6 document Valdis . Kletnieks (Jan 06)
- Re: NIST IPv6 document Jack Bates (Jan 06)
- Re: NIST IPv6 document Dobbins, Roland (Jan 06)
- Re: NIST IPv6 document Dobbins, Roland (Jan 06)
- Re: NIST IPv6 document Joe Greco (Jan 06)
- Re: NIST IPv6 document Jack Bates (Jan 06)
- Message not available
- Re: NIST IPv6 document Tim Chown (Jan 07)
- Re: NIST IPv6 document Jack Bates (Jan 07)
- Re: NIST IPv6 document Jeff Wheeler (Jan 05)
- Message not available
- NIST IPv6 document Jeff Wheeler (Jan 05)
- Re: NIST IPv6 document Joe Greco (Jan 05)
- Re: NIST IPv6 document Dobbins, Roland (Jan 05)
- Re: NIST IPv6 document Paul Ferguson (Jan 05)
- Re: NIST IPv6 document William Allen Simpson (Jan 06)
- Re: NIST IPv6 document Jack Bates (Jan 06)
- Re: NIST IPv6 document Joel Jaeggli (Jan 05)
- Re: NIST IPv6 document Paul Ferguson (Jan 05)