nanog mailing list archives

Re: NIST IPv6 document


From: Tim Chown <tjc () ecs soton ac uk>
Date: Fri, 7 Jan 2011 14:17:41 +0000


On 6 Jan 2011, at 17:17, Jack Bates wrote:

A randomly set up ssh server without DNS will find itself brute force attacked. Darknets are set up specifically for detection of scans. One side effect of v6 is determining how best to deploy darknets, as we can't just take one or two blocks to do it anymore. We'll need to interweave the darknets with the production blocks. I wish it was possible via DHCPv6-PD to assign a block minus a sub-block (hey, don't use this /64 in the /48 I gave you). It could be that darknets will have to go and flow analysis is all we'll be left with.

As RFC6018 suggests, this could be done dynamically on any given active subnet.

Tim
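
One way to act on the idea in the reply above, treating every unassigned address inside an active subnet as dark and flagging sources that touch several of them. This is an added example, not part of the original message or of RFC 6018; the prefix, the active-address set (assumed to come from something like the router's neighbor cache), the flow records and the `min_dark` threshold are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data, using the 2001:db8::/32 documentation prefix.
SUBNET = ipaddress.ip_network("2001:db8:0:1::/64")

# Assumption: addresses currently in use on the subnet, refreshed
# dynamically (for example from the neighbor cache or DHCPv6 leases).
ACTIVE = {ipaddress.ip_address(a) for a in (
    "2001:db8:0:1::1",
    "2001:db8:0:1::10",
    "2001:db8:0:1:a00:27ff:fe4e:66a1",
)}

# Constructed flow records: (source, destination, destination port).
FLOWS = [
    ("2001:db8:ffff::5", "2001:db8:0:1::10", 22),    # live host
    ("2001:db8:ffff::5", "2001:db8:0:1::2", 22),     # dark
    ("2001:db8:ffff::5", "2001:db8:0:1::3", 22),     # dark
    ("2001:db8:ffff::5", "2001:db8:0:1::4", 22),     # dark
    ("2001:db8:ffff::9", "2001:db8:0:1::1", 443),    # live host
    ("2001:db8:ffff::9", "2001:db8:0:1::dead", 443), # one dark hit only
    ("2001:db8:ffff::9", "2001:db8:0:2::1", 443),    # other subnet, ignored
]

def dark_hits(flows, subnet=SUBNET, active=ACTIVE):
    """Map each source to the distinct dark destinations it contacted.

    A destination is dark when it lies inside the monitored subnet
    but is not in the set of currently active addresses.
    """
    hits = defaultdict(set)
    for src, dst, _port in flows:
        dst_ip = ipaddress.ip_address(dst)
        if dst_ip in subnet and dst_ip not in active:
            hits[ipaddress.ip_address(src)].add(dst_ip)
    return hits

def suspected_scanners(flows, min_dark=3, **kwargs):
    """Return sources that touched at least min_dark distinct dark addresses."""
    hits = dark_hits(flows, **kwargs)
    return sorted(str(s) for s, dsts in hits.items() if len(dsts) >= min_dark)

if __name__ == "__main__":
    print(suspected_scanners(FLOWS))
```

A single dark hit is kept below the threshold here because a stale DNS record or a host that just left the subnet produces the same signal as a probe.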
