Re: NIST IPv6 document

[Owen DeLong <owen () delong com>]

On Jan 5, 2011, at 9:17 PM, Joe Greco wrote:

> > > It has nothing to do with "security by obscurity".
> >
> > You may wish to re-read what Joe was saying - he was positing sparse addres=
> > sing as a positive good because it will supposedly make it more difficult f=
> > or attackers to locate endpoints in the first place, i.e., security through=
> > obscurity.  I think that's an invalid argument.
>
> That's not necessarily security through obscurity.  A client that just
> picks a random(*) address in the /64 and sits on it forever could be
> reasonably argued to be doing a form of security through obscurity.
> However, that's not the only potential use!  A client that initiates
> each new outbound connection from a different IP address is doing
> something Really Good.
If hosts start cycling their addresses that frequently, don't you run the
risk of that becoming a form of DOS on your router's ND tables?

Owen