nanog mailing list archives
RE: using "reserved" IPv6 space
From: "Tony Hain" <alh-ietf () tndh net>
Date: Sat, 14 Jul 2012 15:45:06 -0700
Randy Bush wrote:
The fact that your prefix is a Secret Sauce that isn't known to the rest of the world won't matter much to an attacker. One 'ifconfig' on whatever beachhead machine the attacker has inside your net, and it's not Secret Sauce anymore, it's just another bottle of Thousand Island dressing...security through obsurity is such tempting koolaid. people fall for it continually and repeatedly.
Some people have different Layer 8-9 requirements than others. I am not saying they are 'right', just that 'easier' is a relative term based on what part of the problem is generating the most heat at the moment.
i especially like the one where filtering ula at your border is thought to
be any
different than filtering a bit of global at your border.
There is no difference in the local filtering function, but *IF* all transit providers put FC00::/7 in bogon space and filter it at every border, there is a clear benefit when someone fat-fingers the config script and announces what should be a locally filtered prefix (don't we routinely see unintended announcements in the global BGP table). I realize that is a big IF, but bogon filtering happens fairly consistently in IPv4, so there is no reason to believe it will be less so in IPv6. Tony
Current thread:
- Re: using "reserved" IPv6 space, (continued)
- Re: using "reserved" IPv6 space Owen DeLong (Jul 16)
- Re: using "reserved" IPv6 space Oliver (Jul 17)
- Re: using "reserved" IPv6 space Jimmy Hess (Jul 16)
- Re: using "reserved" IPv6 space -Hammer- (Jul 17)
- Re: using "reserved" IPv6 space Saku Ytti (Jul 17)
- Re: using "reserved" IPv6 space -Hammer- (Jul 17)
- Re: using "reserved" IPv6 space Doug Barton (Jul 17)
- Re: using "reserved" IPv6 space Ray Soucy (Jul 17)
- Re: using "reserved" IPv6 space valdis . kletnieks (Jul 14)
- Re: using "reserved" IPv6 space Randy Bush (Jul 14)
- RE: using "reserved" IPv6 space Tony Hain (Jul 14)
- Re: using "reserved" IPv6 space Randy Bush (Jul 14)
- Re: using "reserved" IPv6 space Grzegorz Janoszka (Jul 15)
- Re: using "reserved" IPv6 space Scott Morris (Jul 15)
- Re: using "reserved" IPv6 space Cameron Byrne (Jul 15)
- Re: using "reserved" IPv6 space Grzegorz Janoszka (Jul 15)
- Re: using "reserved" IPv6 space Mike Jones (Jul 15)
- Re: using "reserved" IPv6 space Owen DeLong (Jul 15)
- Re: using "reserved" IPv6 space Scott Morris (Jul 15)
- Re: using "reserved" IPv6 space Jimmy Hess (Jul 14)
- Re: using "reserved" IPv6 space valdis . kletnieks (Jul 15)