nanog mailing list archives
Re: misunderstanding scale
From: Owen DeLong <owen () delong com>
Date: Mon, 24 Mar 2014 18:30:29 -0700
On Mar 23, 2014, at 5:24 PM, Mike Hale <eyeronic.design () gmail com> wrote:
"I wasn't aware that calling out FUD was derisive, but whatever." It's derisive because you completely dismiss a huge security issue that, given the state of IPv6 adoption, a great majority of companies are facing.
I would say that calling it FUD was fair game in this case. Ferg claimed it was a “new unrelated attack”. In reality, it’s pretty much the same attack as most ARP attacks that exist in IPv4 and there are well known mitigations just as in IPv4 with similar difficulties and tradeoffs in their deployment. Sure, having 18 quintillion host addresses on a subnet vs. <254 creates some differences in the scale at which some of these attacks can be carried out, but that’s more a matter of scale than a matter of radically different attack surface.
Calling it FUD is completely wrong because it *is* a legitimate security issue for most businesses. Sure, you've got the few who have been able to properly plan for and secure their networks against the increased attack surface of IPv6, but again...most companies haven’t.
It’s no more legitimate than the similar issues in IPv4. IPv6 doesn’t actually present a significantly increased attack surface, it presents a very similar attack surface. The shape is a little different in some of the details, but the overall size and shape is pretty similar to IPv4.
Slinging false proclamations of FUD is as harmful as FUD itself.
I wouldn’t say that either set of statements was 100% FUD or 100% non-FUD. I will say that vendors making hay out of IPv6 vulnerabilities as if they were novel or different from existing wide-spread IPv4 vulnerabilities in order to increase profits or reduce demands for IPv6 in their products is a fairly common practice that has been far more harmful than any IPv6 attack surface overall.
Owen
On Sun, Mar 23, 2014 at 4:49 PM, Timothy Morizot <tmorizot () gmail com> wrote:
On Mar 23, 2014 6:21 PM, "Paul Ferguson" <fergdawgster () mykolab com> wrote:
Says you.
And many others. My comments were actually reiterating what I commonly see presented today.
On the other hand, there are beaucoup enterprise networks unwilling to consider moving to v6 until there are management, control, administrative, and security issues addressed.
Whereas there are other enterprise networks, including mine, who are actively deploying IPv6 and have been for a number of years now. So unless you can come up with something truly novel that we haven't already dealt with, I'll stick by my use of FUD.
You can continue to deride our issues, and make derisive comments until your heart's content, but it does not change reality.
I wasn't aware that calling out FUD was derisive, but whatever.
Cheers,
Scott
--
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0