nanog mailing list archives
Re: Failure modes: NAT vs SPI
From: Jack Bates <jbates () brightok net>
Date: Mon, 07 Feb 2011 10:52:57 -0600
On 2/7/2011 10:43 AM, Valdis.Kletnieks () vt edu wrote:
For what it's worth, I've never seen an IPv6 scan cause a problem for our network. Not saying that such a scan*wouldn't* cause a problem, but the fact we've been doing it for over a decade and not seen a big problem seems to go counter to "everyone who turns on IPv6 gets hit by it".
I think it becomes a problem only in certain architectures. ie, providing /64 subnets without SPI can lead to a scan actually able to create effect ND.
This implies that many networks aren't necessarily effected by it, as they implement a certain level of security.
I'd also surmise that IPv6 scanning isn't as prevalent today as it will be at some point. Nachi was an interesting (even if illegal) concept except for being overly aggressive.
Jack
Current thread:
- Re: quietly...., (continued)
- Re: quietly.... david raistrick (Feb 03)
- Failure modes: NAT vs SPI Jay Ashworth (Feb 03)
- Re: Failure modes: NAT vs SPI Iljitsch van Beijnum (Feb 03)
- Message not available
- Re: Failure modes: NAT vs SPI Iljitsch van Beijnum (Feb 07)
- Re: Failure modes: NAT vs SPI Owen DeLong (Feb 07)
- Re: Failure modes: NAT vs SPI Lamar Owen (Feb 10)
- Re: Failure modes: NAT vs SPI Owen DeLong (Feb 10)
- Re: Failure modes: NAT vs SPI Joel Jaeggli (Feb 10)
- Re: Failure modes: NAT vs SPI Jay Ashworth (Feb 07)
- Re: Failure modes: NAT vs SPI Valdis . Kletnieks (Feb 07)
- Re: Failure modes: NAT vs SPI Jack Bates (Feb 07)
- Re: Failure modes: NAT vs SPI Iljitsch van Beijnum (Feb 07)
- Re: quietly.... Iljitsch van Beijnum (Feb 03)
- Re: quietly.... Jon Lewis (Feb 03)
- Re: quietly.... Iljitsch van Beijnum (Feb 03)
- RE: quietly.... Matthew Huff (Feb 03)
- Re: quietly.... Jack Bates (Feb 03)
- Re: quietly.... Matthew Palmer (Feb 03)
- Re: quietly.... Jack Bates (Feb 03)
- Re: quietly.... Jay Ashworth (Feb 03)
- Re: quietly.... sthaug (Feb 03)