[134462] in North American Network Operators' Group


Re: NIST IPv6 document

daemon@ATHENA.MIT.EDU (Matthew Petach)
Thu Jan 6 02:03:49 2011

In-Reply-To: <201101060651.p066piXN088758@aurora.sol.net>
Date: Wed, 5 Jan 2011 23:03:44 -0800
From: Matthew Petach <mpetach@netflight.com>
To: Joe Greco <jgreco@ns.sol.net>
Cc: Nanog Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Wed, Jan 5, 2011 at 10:51 PM, Joe Greco <jgreco@ns.sol.net> wrote:
>> On Jan 6, 2011, at 12:54 PM, Joe Greco wrote:
...
> To say that "the endpoint *will be found*" is a truism, in the same
> way that a bank *will* be robbed.  You're not trying to guarantee that
> it will never happen.  You're trying to *deter* the bad guys.  You want
> the bad guy to go across the street to the less-well-defended bank
> across the street.  You can't be sure that they'll do that.  Someone
> who has it out for you and your bank will rob your bank (or end up
> in jail or dead or whatever).  But you can scare off the guy who's
> just looking to score a few thousand in easy cash.
>
> Making it harder to scan a network *can* and *does* deter certain
> classes of attacks.  That it doesn't prevent every attack isn't a
> compelling proof that it doesn't prevent some, and I have to call what
> you said a poor argument for that reason.

Hi Joe,

I think what people are trying to say is that it doesn't matter whether
or not your host is easily findable, if I can trivially take out your
upstream router.  With your upstream router out of commission, the
findability of your host on the subnet really doesn't matter.  Once the
router is gone, so is your host, no matter how well hidden on the
subnet it was.

So, the push here is to prevent the trivial ability to take out the
upstream routers, so that the host-level issues will still matter, and
be worth discussing.

Hope this helps clarify the reason for the overarching concern
about the /64 subnet size.

Thanks!!

Matt

> ... JG
> --
> Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
> "We call it the 'one bite at the apple' rule. Give me one chance [and] then I
> won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
> With 24 million small businesses in the US alone, that's way too many apples.
>
>
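The mechanism usually behind the "trivially take out the upstream router" concern on a /64 is neighbor-cache exhaustion, later written up in RFC 6583: a remote scan can never cover 2^64 addresses, so a host with a hard-to-guess interface ID really is hidden, but every probe to an unused address still forces the router to create an INCOMPLETE neighbor-cache entry and send a Neighbor Solicitation, and a bounded cache fills long before the scan gets anywhere. The toy simulation below is an added example, not code from the thread or from the NIST document; the prefix 2001:db8:0:1::/64, the host interface IDs, the cache capacity and the probe count are all constructed. It contrasts an unprotected cache with one that bounds unresolved entries so they can never crowd out resolved neighbours, which is one of the mitigations RFC 6583 lists.

```python
"""Toy model of the IPv6 neighbor-cache (ND) exhaustion concern on a /64.

Added example; not code from the NANOG thread or from the NIST document.
Addresses, cache sizes and the attacker's probe count are all constructed.
The model only tracks cache slots: it ignores NS transmit load, timers and
the STALE/PROBE states, so it understates the damage rather than overstating it.
"""
import random
from collections import OrderedDict

INCOMPLETE, REACHABLE = "INCOMPLETE", "REACHABLE"


def scan_years(probes_per_second):
    """Time to probe every address in one /64 at a given rate: why a remote
    scan never actually *finds* a host with an unpredictable interface ID."""
    return 2 ** 64 / probes_per_second / (365 * 86400)


class NDCache:
    """Neighbor cache of one router interface facing a single /64.

    incomplete_limit=None models an unprotected router: unresolved entries
    compete for the same slots as resolved neighbours.  A numeric limit
    models the RFC 6583 mitigation of bounding unresolved entries so they
    can never crowd out resolved ones.
    """

    def __init__(self, capacity, incomplete_limit=None):
        self.capacity = capacity
        self.incomplete_limit = incomplete_limit
        self.entries = OrderedDict()   # interface ID (int) -> state, oldest first

    def unresolved(self):
        return [iid for iid, state in self.entries.items() if state == INCOMPLETE]

    def deliver(self, iid, live_hosts):
        """The router receives a packet for `iid` inside its /64.

        Returns True if the packet reaches a host on the link."""
        state = self.entries.get(iid)
        if state == REACHABLE:
            return True                      # link-layer address already known
        if state == INCOMPLETE:
            return False                     # resolution still pending, packet dropped
        # No entry: the router must create one and send a Neighbor Solicitation.
        if self.incomplete_limit is not None:
            pending = self.unresolved()
            if len(pending) >= self.incomplete_limit:
                del self.entries[pending[0]]  # evict the oldest unresolved entry
        if len(self.entries) >= self.capacity:
            return False                     # cache full: cannot even start resolving
        alive = iid in live_hosts            # only a real host answers the NS
        self.entries[iid] = REACHABLE if alive else INCOMPLETE
        return alive


def simulate(incomplete_limit, probes=5000, capacity=1000, seed=1):
    """Remote scan of one /64 (2001:db8:0:1::/64, constructed) against a
    router with the given cache policy, then a check whether legitimate
    hosts on the link are still reachable."""
    rng = random.Random(seed)
    live_hosts = {0x1, 0x2}                  # two real hosts, constructed IIDs
    cache = NDCache(capacity, incomplete_limit)
    cache.deliver(0x1, live_hosts)           # host ::1 is resolved before the scan
    for _ in range(probes):                  # attacker hits random, unused addresses
        cache.deliver(rng.getrandbits(64), live_hosts)
    return {
        "entries": len(cache.entries),
        "unresolved": len(cache.unresolved()),
        "existing_host_ok": cache.deliver(0x1, live_hosts),
        "new_host_ok": cache.deliver(0x2, live_hosts),   # first packet to ::2
    }


if __name__ == "__main__":
    print("full /64 scan at 1 Mpps takes ~%.0f years" % scan_years(1_000_000))
    print("unprotected:", simulate(None))
    print("bounded    :", simulate(32))
```

With the unprotected policy the scan pins 999 of the 1000 slots in INCOMPLETE state after fewer than a thousand probes, and the first packet to host ::2 is dropped because the router cannot even begin resolving it; ::1 survives only because this toy never ages entries, so a real router whose entries go STALE would lose that host too. With unresolved entries capped at 32 the attacker can hold at most 32 slots no matter how long the scan runs, and both hosts stay reachable. Bounding unresolved entries is one knob; RFC 6583 also lists rate-limiting NS generation, filtering traffic to unused space at the edge, and using /127 on point-to-point links so the router has nothing to resolve.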

