[134508] in North American Network Operators' Group
Re: NIST IPv6 document
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Thu Jan 6 11:29:31 2011
To: "Dobbins, Roland" <rdobbins@arbor.net>
In-Reply-To: Your message of "Thu, 06 Jan 2011 07:50:17 GMT."
<969A43C1-F11D-425A-B210-1721F893C24B@arbor.net>
From: Valdis.Kletnieks@vt.edu
Date: Thu, 06 Jan 2011 11:28:56 -0500
Cc: Nanog Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Thu, 06 Jan 2011 07:50:17 GMT, "Dobbins, Roland" said:
> In my view, an IPv6 Internet is considerably less secure, and inherently less
> securable, than the present horribly insecure and barely securable IPv4
> Internet;
Playing devil's advocate for a moment...
Even if an IPv6 network is 10 times as insecure as a similarly configured IPv4
network, they are both as dust motes in a tornado given the incredibly insecure
state of most endpoints on the network. Last I looked, there's a lot less
scanning of subnets looking for probably-firewalled-by-default-anyhow systems
because it's just so much easier to whack the systems in a drive-by attack
when the system visits a compromised web page...
And the "ZOMG they can overflow the ARP/ND/whatever table" is a total red
herring - you know damned well that if a script kiddie with a 10K node botnet
wants to hose down your network, you're going to be looking at a DDoS, and it
really doesn't matter whether it's SYN packets, or ND traffic, or forged ICMP
echo-reply mobygrams.