nanog mailing list archives

Re: Failure modes: NAT vs SPI


From: Valdis.Kletnieks () vt edu
Date: Mon, 07 Feb 2011 11:43:44 -0500

On Mon, 07 Feb 2011 11:15:51 EST, Jay Ashworth said:
> > From: "Iljitsch van Beijnum" <iljitsch () muada com>
> > This is of course a very big problem, and one of the reasons why
> > everyone who's tried IPv6 immediately turns it off again: script
> > kiddies are continuously scanning the entire IPv6 address space so
> > this happens to regular IPv6 users all the time.
>
> I'm sure it's clear to you that "no one's doing it now" is not a valid
> response to prophylactic secure network planning...

Iljitsch's claim is that enough script kiddies *are* doing it now that people's
routers crash and they turn off IPv6, not that "people are so scared of it they
panic and turn it off before they see if it's a problem".

For what it's worth, I've never seen an IPv6 scan cause a problem for our
network.  Not saying that such a scan *wouldn't* cause a problem, but the fact
we've been doing it for over a decade and not seen a big problem seems to go
counter to "everyone who turns on IPv6 gets hit by it".
