Re: (IETF I-D): Implications of IPv6 Addressing on Security Operations (Fwd: New Version Notification for draft-gont-opsec-ipv6-addressing-00.txt)

[Fernando Gont <fgont () si6networks com>]

Hi, Bill,

On 7/2/23 01:26, William Herrin wrote:
> On Mon, Feb 6, 2023 at 7:40 PM Fernando Gont <fgont () si6networks com> wrote:
> > On 7/2/23 00:05, William Herrin wrote:
> > > On the one hand, sophisticated attackers already scatter attacks
> > > between source addresses to evade protection software.
> >
> > Whereas in the IPv6 case , you normally have at least a /64 without
> > restriction. You might have a /56 or /48 thanks to your ISP, or simply a
> > /48 thanks to some free tunnelbroker provider...
>
> That's not what's actually happening. 

Well, this *is* happening. -- trust me :-)


> What's happening is a mix of
> your computer gets one address unless you bother to enable DHCP/PD, or
> your CPE gets an IPv6 block and your computer does SLAAC and/or DHCP
> to assign itself a single IPv6 address. A lot of the probing is coming
> from hijacked computers, so they have the address they have.
>
> Sophisticated attackers can do more with the address blocks they get
> from their own service providers. But sophisticated attackers could
> spin up VMs with stolen credit cards, hijack BGP and do all manner of
> things with IPv4 and IPv6 too.

You can use a /48 pretty legitimately without stealing any credit cards 
or spinning extra VMs...

Thanks,
--
Fernando Gont
SI6 Networks
e-mail: fgont () si6networks com
PGP Fingerprint: F242 FF0E A804 AF81 EB10 2F07 7CA1 321D 663B B494