nanog mailing list archives
Re: using "reserved" IPv6 space
From: valdis.kletnieks () vt edu
Date: Sun, 15 Jul 2012 11:44:50 -0400
On Sat, 14 Jul 2012 17:37:37 -0500, Jimmy Hess said:
The good news is one 'ifconfig' just tells them what network address you're in. Unless the attacker can gain access to your host's NDP table or ARP table, they can't see what IPs are in use.
All it takes is one USB stick left out in the parking lot for an employee.. By the time they get enough access to do an 'ifconfig', rest assured that they can see the NDP/ARP tables and all the traffic on that network segment as well. (OK.. maybe for some reason they can't - but if you're betting your security model on somebody getting a beachhead on one of your machines and *not* having full access to the network segment, I'll be more than happy to take the other side of the bet).
Attachment:
_bin
Description:
Current thread:
- RE: using "reserved" IPv6 space, (continued)
- RE: using "reserved" IPv6 space Tony Hain (Jul 14)
- Re: using "reserved" IPv6 space Randy Bush (Jul 14)
- Re: using "reserved" IPv6 space Grzegorz Janoszka (Jul 15)
- Re: using "reserved" IPv6 space Scott Morris (Jul 15)
- Re: using "reserved" IPv6 space Cameron Byrne (Jul 15)
- Re: using "reserved" IPv6 space Grzegorz Janoszka (Jul 15)
- Re: using "reserved" IPv6 space Mike Jones (Jul 15)
- Re: using "reserved" IPv6 space Owen DeLong (Jul 15)
- Re: using "reserved" IPv6 space Scott Morris (Jul 15)
- Re: using "reserved" IPv6 space Jimmy Hess (Jul 14)
- Re: using "reserved" IPv6 space valdis . kletnieks (Jul 15)
- Re: using "reserved" IPv6 space Adrian Bool (Jul 13)
- Re: using "reserved" IPv6 space -Hammer- (Jul 13)
- Re: using "reserved" IPv6 space TJ (Jul 13)
- Re: using "reserved" IPv6 space Jean-Francois . TremblayING (Jul 13)
- Re: using "reserved" IPv6 space TJ (Jul 13)
- Re: using "reserved" IPv6 space Jean-Francois . TremblayING (Jul 13)