NIST IPv6 document
- Subject: NIST IPv6 document
- From: jgreco at ns.sol.net (Joe Greco)
- Date: Thu, 6 Jan 2011 20:18:20 -0600 (CST)
- In-reply-to: <[email protected]>
>
> On Jan 5, 2011, at 9:17 PM, Joe Greco wrote:
>
> >>> It has nothing to do with "security by obscurity".
> >>
> >> You may wish to re-read what Joe was saying - he was positing sparse
> >> addressing as a positive good because it will supposedly make it more
> >> difficult for attackers to locate endpoints in the first place, i.e.,
> >> security through obscurity. I think that's an invalid argument.
> >
> > That's not necessarily security through obscurity. A client that just
> > picks a random(*) address in the /64 and sits on it forever could be
> > reasonably argued to be doing a form of security through obscurity.
> > However, that's not the only potential use! A client that initiates
> > each new outbound connection from a different IP address is doing
> > something Really Good.
> >
> If hosts start cycling their addresses that frequently, don't you run
> the risk of that becoming a form of DOS on your router's ND tables?

It could, but given the changes we've seen in the last twenty years, I
have no reason to expect that this won't become practical and commonplace
in IPv6. I think it is a matter of finding the right enabling
technologies, and as others have noted, what currently exists for IPv6
isn't necessarily the best-of-breed.
... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.