nanog mailing list archives

RE: no ip forged-source-address


From: "Tony Hain" <alh-ietf () tndh net>
Date: Wed, 30 Oct 2002 15:19:12 -0800


Petri Helenius wrote:

decides to attack, it would use some neighbor's IP.  The subnet I am on is a /24 and there very well may be a few dozen hosts.  I could be real sneaky and alter my IP randomly to be any of my neighbors for every packet I send out.

This gets a lot sneakier when you got your /64 on the subnet. Specially if people start to build significantly larger subnets by default.

Just stop. This nonsense about spoofing is easier because the IPv6
address space is bigger is bogus and wasting everyone's time. When each
customer is assigned a unique /48-/64 they are traceable to the
accountable entity no matter what low order bits they use. If they are
assigned something longer than a /64, they are likely to keep using
tunneling technologies like 6to4 until they can dump the provider that
is cluelessly hoarding a resource that is not scarce. 

Tony
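
The traceability argument in the message above, as an added example that is not part of the original post: sources with randomized low-order bits still attribute to the same delegated prefix, and per-port source validation rejects a neighbor's prefix. The customer names and the 2001:db8::/32 delegations are constructed sample data.

```python
import ipaddress
import random

# Constructed sample delegations (documentation prefix); names are hypothetical.
ASSIGNMENTS = {
    "customer-a": ipaddress.ip_network("2001:db8:a::/48"),
    "customer-b": ipaddress.ip_network("2001:db8:b:1::/64"),
    "customer-c": ipaddress.ip_network("2001:db8:b:2::/64"),
}

def attribute(src, assignments=ASSIGNMENTS):
    """Return the customer whose delegated prefix contains src
    (longest match wins), or None if no delegation covers it."""
    addr = ipaddress.ip_address(src)
    matches = [(net.prefixlen, name) for name, net in assignments.items()
               if addr.version == net.version and addr in net]
    return max(matches)[1] if matches else None

def ingress_permit(port_customer, src, assignments=ASSIGNMENTS):
    """Source validation on a customer-facing port: accept only sources
    inside the prefix delegated to the customer attached to that port."""
    return attribute(src, assignments) == port_customer

def random_host_in(net, rng):
    """Pick an address with random low-order bits inside net."""
    return net[rng.randrange(net.num_addresses)]

def attribution_of_random_sources(customer, count=1000, seed=1):
    """Attribute `count` sources with randomized low-order bits drawn
    from the customer's own prefix; return the set of distinct results."""
    rng = random.Random(seed)
    net = ASSIGNMENTS[customer]
    return {attribute(random_host_in(net, rng)) for _ in range(count)}

if __name__ == "__main__":
    # Every randomized source still maps to the one accountable customer.
    print(attribution_of_random_sources("customer-b"))
    # A source from the neighboring /64 is rejected on customer-b's port.
    print(ingress_permit("customer-b", "2001:db8:b:2::1"))
```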




