[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Failure modes: NAT vs SPI

Subject: Failure modes: NAT vs SPI
From: lowen at pari.edu (Lamar Owen)
Date: Thu, 10 Feb 2011 10:53:58 -0500
In-reply-to: <[email protected]>
References: <[email protected]>

On Monday, February 07, 2011 04:33:23 am Owen DeLong wrote:
> 1.	Scanning even an entire /64 at 1,000 pps will take 18,446,744,073,709,551 seconds
> 	which is 213,503,982,334 days or 584,542,000 years.
> 
> 	I would posit that since most networks cannot absorb a 1,000 pps attack even without
> 	the deleterious effect of incomplete ND on the router, no network has yet had even
> 	a complete /64 scanned. IPv6 simply hasn't been around that long.

Sounds like a job for a 600 million node botnet.  You don't think this hasn't already crossed botnet ops minds?

Follow-Ups:
- Failure modes: NAT vs SPI
  - From: owen at delong.com (Owen DeLong)
- Failure modes: NAT vs SPI
  - From: joelja at bogus.com (Joel Jaeggli)

References:
- Failure modes: NAT vs SPI
  - From: jra at baylink.com (Jay Ashworth)
- Failure modes: NAT vs SPI
  - From: owen at delong.com (Owen DeLong)

Prev by Date: Looking for an IPv6 naysayer...
Next by Date: Looking for an IPv6 naysayer...
Previous by thread: Failure modes: NAT vs SPI
Next by thread: Failure modes: NAT vs SPI
Index(es):
- Date
- Thread