nanog mailing list archives
Re: NIST IPv6 document
From: Jeff Kell <jeff-kell () utc edu>
Date: Wed, 05 Jan 2011 23:21:57 -0500
On 1/5/2011 10:18 PM, Dobbins, Roland wrote:
This whole focus on sparse addressing is just another way to tout security-by-obscurity. We already know that security-by-obscurity is a fundamentally-flawed concept, so it doesn't make sense to try and keep rationalizing it in various domain-specific instantiations.
I agree. It's not the hosts I'm worried about protecting, it's the potential noise directed at the IPv6 space, intentional/irrational scan or otherwise generated traffic. Still, the idea that "nobody will scan a /64" reminds me of the days when 640K ought to be enough for anybody, 56-bit DES ought to be good enough to never be cracked, 10 megabits was astoundingly fast, a T1 was more than enough commodity, and a 300-baud acoustic coupler was a modern marvel. I hesitate to write anything off to impossibility, having witnessed the 8 to 16 to 32 to 64-bit processor progression :) But perhaps it's time for Moore to rest and we can make assumptions about that impossibility. Scanned or not, IPv6 still presents a "very large" route target. Given the transient / spoofed / backscatter / garbage / scan / script kiddie noise that accidentally lands in my IPv4 space, I shudder to think of the noise level of the many-orders-of-magnitude-greater IPv6 space. And the "depth" of infrastructure at which you can decide the traffic is bogus is much greater with IPv6. Most will end up on the target network anyway, no? Jeff
Current thread:
- Re: NIST IPv6 document, (continued)
- Re: NIST IPv6 document Owen DeLong (Jan 06)
- Re: NIST IPv6 document Joe Greco (Jan 06)
- Re: NIST IPv6 document Lamar Owen (Jan 06)
- Message not available
- Re: NIST IPv6 document Tim Chown (Jan 06)
- Re: NIST IPv6 document Mikael Abrahamsson (Jan 06)
- Re: NIST IPv6 document Jack Bates (Jan 06)
- Re: NIST IPv6 document Mikael Abrahamsson (Jan 06)
- Re: NIST IPv6 document Jack Bates (Jan 06)
- Re: NIST IPv6 document Lamar Owen (Jan 06)
- Re: NIST IPv6 document Jima (Jan 06)
- Re: NIST IPv6 document Jeff Kell (Jan 05)
- Re: NIST IPv6 document Dobbins, Roland (Jan 05)
- Re: NIST IPv6 document John Levine (Jan 05)
- Re: NIST IPv6 document Julien Goodwin (Jan 06)
- Re: NIST IPv6 document Owen DeLong (Jan 06)
- Re: NIST IPv6 document Dobbins, Roland (Jan 06)
- Re: NIST IPv6 document Owen DeLong (Jan 06)
- Message not available
- Re: NIST IPv6 document Tim Chown (Jan 07)
- Re: NIST IPv6 document Dobbins, Roland (Jan 07)
- Re: NIST IPv6 document TJ (Jan 07)
- Re: NIST IPv6 document Owen DeLong (Jan 07)