[134428] in North American Network Operators' Group
Re: NIST IPv6 document
daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Wed Jan 5 23:29:09 2011
From: "Dobbins, Roland" <rdobbins@arbor.net>
To: Nanog Operators' Group <nanog@nanog.org>
Date: Thu, 6 Jan 2011 04:26:12 +0000
In-Reply-To: <5A6D953473350C4B9995546AFE9939EE0BC1321E@RWC-EX1.corp.seven.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jan 6, 2011, at 11:16 AM, George Bonser wrote:
> I thought the entire notion of actually getting to a host was orthogonal to the discussion as that wasn't the point. It wasn't about exploitation of anything on the host, the discussion was about the act of scanning a network itself being the problem.
That's a separate sub-thread.
Joe was specifically talking about sparse addressing as a way to keep the attackers from finding end-hosts. My view is that a) nothing will keep the attackers from finding the end-hosts, b) they'll scan, anyways, c) they'd do hinted scanning (DNS/whois/routing tables) which will have its own negative second-order effects, and therefore c) the scanning issue in terms of endpoint security is a red herring.
> If network devices can be degraded simply by scanning the network, it is going to become *very* commonplace.
They already can be, and it's going to become more commonplace as a DoS attack vector, concur w/you 100%.
> But the sets of problems are different for an end user network vs. a service provider network. For a transit link you might disable ND and configure static neighbors which would inoculate that link from such a neighbor table exhaustion attack.
If you're using /64s for your p2p links, the router's still been turned into a sinkhole, though.
> For an end network, the problems are different.
Concur again.
------------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Most software today is very much like an Egyptian pyramid, with millions
of bricks piled on top of each other, with no structural integrity, but
just done by brute force and thousands of slaves.
-- Alan Kay