[134450] in North American Network Operators' Group


Re: NIST IPv6 document

daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Thu Jan 6 01:06:58 2011

From: "Dobbins, Roland" <rdobbins@arbor.net>
To: Nanog Operators' Group <nanog@nanog.org>
Date: Thu, 6 Jan 2011 06:05:00 +0000
In-Reply-To: <201101060554.p065sZR6087937@aurora.sol.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Jan 6, 2011, at 12:54 PM, Joe Greco wrote:

> Generally speaking, security professionals prefer for there to be more roadblocks rather than fewer.


The soi-disant security 'professionals' who espouse layering unnecessary multiple, inefficient, illogical, and iatrogenic roadblocks in preference to expending the time and effort to learn enough about *actual* security (in contrast to security theater) to Do Things Right The First Time aren't worthy of the title and ought to be ignored, IMHO.

> If it is, and the address becomes virtually impossible to find, then we've just defeated an attack, and it's hard to see that as anything but positive.

If we had some cheese, we could make a ham-and-cheese sandwich, if we had some ham.

;>

We must face up to the reality that the endpoint *will be found*, irrespective of the relative sparseness or density of the addressing plan. It will be found via DNS, via narrowing the search scope via examining routing advertisements, via narrowing the search scope via perusing whois, via the attackers simply throwing more of their near-infinite scanning resources (i.e., bots) at these dramatically-reduced search scopes.

So, the endpoint will be found, no attack will be prevented, and we end up a) wasting wide swathes of address space for no good reason whilst b) making the routing/switching infrastructure elements far more vulnerable to DoS by turning them into sinkholes.

No positive benefits, two negative drawbacks.

------------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>

Most software today is very much like an Egyptian pyramid, with millions
of bricks piled on top of each other, with no structural integrity, but
just done by brute force and thousands of slaves.

			  -- Alan Kay


