nanog mailing list archives
Re: NIST IPv6 document
From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Thu, 6 Jan 2011 03:52:09 +0000
On Jan 6, 2011, at 10:42 AM, George Bonser wrote:
It will be a problem if people learn they can DoS routers by doing it by maxing out the neighbor table.
I understand this - that's a completely separate issue from the supposed benefits of sparse addressing for endpoint host security.
I don't think you are understanding the problem.
I've understood the problem for years, thanks, and have commented on it in other portions of this thread, as well as in may earlier threads around this general set of issues - and it's completely orthogonal to this particular discussion. Or are you saying that you think that the miscreants will simply and contritely abandon host-/port-scanning as a) a host-discovery mechanism and b) as a DoS mechanism if everyone magically adopts sparse addressing? Somehow, I don't think that's very likely. ;> Also, see my previous comments in re the negative implications of hinted scanning.
It has nothing to do with "security by obscurity".
You may wish to re-read what Joe was saying - he was positing sparse addressing as a positive good because it will supposedly make it more difficult for attackers to locate endpoints in the first place, i.e., security through obscurity. I think that's an invalid argument. ------------------------------------------------------------------------ Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com> Most software today is very much like an Egyptian pyramid, with millions of bricks piled on top of each other, with no structural integrity, but just done by brute force and thousands of slaves. -- Alan Kay
Current thread:
- Re: NIST IPv6 document, (continued)
- Re: NIST IPv6 document TJ (Jan 06)
- Re: NIST IPv6 document Jack Bates (Jan 06)
- Re: NIST IPv6 document Seth Mattinen (Jan 05)
- Re: NIST IPv6 document Dobbins, Roland (Jan 05)
- Re: NIST IPv6 document TJ (Jan 06)
- Re: NIST IPv6 document Joe Greco (Jan 05)
- Re: NIST IPv6 document Dobbins, Roland (Jan 05)
- Re: NIST IPv6 document Joe Greco (Jan 05)
- Re: NIST IPv6 document Dobbins, Roland (Jan 05)
- RE: NIST IPv6 document George Bonser (Jan 05)
- Re: NIST IPv6 document Dobbins, Roland (Jan 05)
- RE: NIST IPv6 document George Bonser (Jan 05)
- Re: NIST IPv6 document Dobbins, Roland (Jan 05)
- Re: NIST IPv6 document Joe Greco (Jan 05)
- Re: NIST IPv6 document Dobbins, Roland (Jan 05)
- Re: NIST IPv6 document Joe Greco (Jan 05)
- Re: NIST IPv6 document Dobbins, Roland (Jan 05)
- Re: NIST IPv6 document Joe Greco (Jan 05)
- Re: NIST IPv6 document Matthew Petach (Jan 05)
- Re: NIST IPv6 document Dobbins, Roland (Jan 05)
- Re: NIST IPv6 document Joe Greco (Jan 06)