nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: misunderstanding scale

From: Timothy Morizot <tmorizot () gmail com>
Date: Sun, 23 Mar 2014 17:56:32 -0500
On Mar 23, 2014 4:45 PM, <bmanning () vacation karoshi com> wrote:

        Yo, Tim/Scott.   Seems you have not been keeping up.



http://go6.si/wp-content/uploads/2011/11/DREN-6-Slo-IPv6Summit-2011.pdf


        points out several unique problems w/ IPv6 and in deployments

where

        there are ZERO IPv4 equivalents.  Ferg is paranoid, but it doesn;t
        mean they are not out to get him/IPv6.


Seriously? That's the best you can come up? A three year old presentation?
The RA and ND vulnerabilities are just the IPv6 versions of ARP floods and
similar attacks. They are well-understood and long mitigated.

On the other hand, if you have an IPv4 only network with lots of IPv6
capable devices on it and someone compromises a host to start sending out
RAs, what exactly is your defense posture?

My comments represent reality. Your security posture is much worse in an
IPv4 only configuration than if you enable and control IPv6.

Scott
Previous By Date Next
Previous By Thread Next

Current thread: