nanog mailing list archives
Re: NIST IPv6 document
From: Valdis.Kletnieks () vt edu
Date: Thu, 06 Jan 2011 11:28:56 -0500
On Thu, 06 Jan 2011 07:50:17 GMT, "Dobbins, Roland" said:
In my view, an IPv6 Internet is considerably less secure, and inherently less securable, than the present horribly insecure and barely securable IPv4 Internet;
Playing devil's advocate for a moment... Even if an IPv6 network is 10 times as insecure as a similarly configured IPv4 network, they are both as dust motes in a tornado given the incredibly insecure state of most endpoints on the network. Last I looked, there's a lot less scanning of subnets looking for probably-firewalled-by-default-anyhow systems because it's just so much easier to to whack the systems in a drive-by attack when the system visits a compromised web page... And the "ZOMG they can overflow the ARP/ND/whatever table" is a total red herring - you know damned well that if a script kiddie with a 10K node botnet wants to hose down your network, you're going to be looking at a DDoS, and it really doesn't matter whether it's SYN packets, or ND traffic, or forged ICMP echo-reply mobygrams.
Attachment:
_bin
Description:
Current thread:
- Re: NIST IPv6 document, (continued)
- Re: NIST IPv6 document Owen DeLong (Jan 10)
- Re: NIST IPv6 document Joel Jaeggli (Jan 05)
- Re: NIST IPv6 document Dobbins, Roland (Jan 05)
- Re: NIST IPv6 document Jeff Wheeler (Jan 06)
- Re: NIST IPv6 document Joel Jaeggli (Jan 06)
- Re: NIST IPv6 document Jeff Wheeler (Jan 06)
- Re: NIST IPv6 document Bill Bogstad (Jan 06)
- Re: NIST IPv6 document Miquel van Smoorenburg (Jan 06)
- Re: NIST IPv6 document Joe Greco (Jan 06)
- Re: NIST IPv6 document Dobbins, Roland (Jan 05)
- Re: NIST IPv6 document Valdis . Kletnieks (Jan 06)
- Re: NIST IPv6 document Jack Bates (Jan 06)
- Re: NIST IPv6 document Dobbins, Roland (Jan 06)
- Re: NIST IPv6 document Dobbins, Roland (Jan 06)
- Re: NIST IPv6 document Joe Greco (Jan 06)
- Re: NIST IPv6 document Jack Bates (Jan 06)
- Message not available
- Re: NIST IPv6 document Tim Chown (Jan 07)
- Re: NIST IPv6 document Jack Bates (Jan 07)
- Re: NIST IPv6 document Jeff Wheeler (Jan 05)
- Message not available
- NIST IPv6 document Jeff Wheeler (Jan 05)
- Re: NIST IPv6 document Joe Greco (Jan 05)