[134510] in North American Network Operators' Group


Re: NIST IPv6 document

daemon@ATHENA.MIT.EDU (Jack Bates)
Thu Jan 6 11:49:02 2011

Date: Thu, 06 Jan 2011 10:48:57 -0600
From: Jack Bates <jbates@brightok.net>
To: Valdis.Kletnieks@vt.edu
In-Reply-To: <15350.1294331336@localhost>
Cc: Nanog Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 1/6/2011 10:28 AM, Valdis.Kletnieks@vt.edu wrote:
>
> And the "ZOMG they can overflow the ARP/ND/whatever table" is a total red
> herring - you know damned well that if a script kiddie with a 10K node botnet
> wants to hose down your network, you're going to be looking at a DDoS, and it
> really doesn't matter whether it's SYN packets, or ND traffic, or forged ICMP
> echo-reply mobygrams.
>

My personal concern is not the intentional DDoS, but the idiotic side 
effects of unintentional idiocy. Nachi was nicer than Blaster to the 
host, but it unintentionally DDoS'd many networks that couldn't handle 
the load.

How many morons will scan a /64 out of curiosity? Even if they get bored 
after 1-2 hours, the effects of such a scan on the ND table could be 
catastrophic in the protocol's default behavior.

How many virus writers will utilize a hinted scan technique, which could 
still end up scanning thousands of v6 addresses per /64 and following 
consecutive /64s which likely are handled by the same router?

It is not the intentional that we should fear, but the unintentional.


Jack
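
As an added illustration of the neighbor-cache exhaustion Jack is worried about (example code written for this archive page, not from the thread, NIST or any vendor): a toy Python model of a router's IPv6 neighbor cache that compares the unbounded default with a capped cache that evicts unresolved INCOMPLETE entries first. It sends nothing; the prefix, host addresses, cache size and sweep length are all constructed values.

```python
from collections import OrderedDict

INCOMPLETE, REACHABLE = "INCOMPLETE", "REACHABLE"


class NeighborCache:
    """Toy model of a router's IPv6 neighbor cache (RFC 4861 states, simplified).
    A packet for an unresolved on-link address creates an INCOMPLETE entry while the
    router solicits the target. Unbounded (max_entries=None), a sweep of a /64 grows
    the cache without limit; capped, INCOMPLETE entries are evicted first so resolved
    REACHABLE hosts keep their state (in the spirit of RFC 6583). Sends no traffic.
    """

    def __init__(self, max_entries=None):
        self.max_entries = max_entries
        self.entries = OrderedDict()  # addr -> state, oldest first
        self.dropped = 0              # packets refused: no entry could be made

    def _evict_incomplete(self):
        # Evict the oldest unresolved entry; never sacrifice a REACHABLE neighbor.
        for addr, state in self.entries.items():
            if state == INCOMPLETE:
                del self.entries[addr]
                return True
        return False

    def forward_to(self, addr):
        """Router receives a packet for on-link addr; True if an entry exists or was created."""
        if addr in self.entries:
            return True
        if self.max_entries is not None and len(self.entries) >= self.max_entries:
            if not self._evict_incomplete():
                self.dropped += 1
                return False
        self.entries[addr] = INCOMPLETE
        return True

    def resolve(self, addr):
        self.entries[addr] = REACHABLE  # a Neighbor Advertisement arrived: the target exists

    def count(self, state):
        return sum(1 for s in self.entries.values() if s == state)


def sweep(cache, hosts, prefix, n):
    """Resolve the real hosts, then deliver n packets to sequential addresses under prefix."""
    for h in hosts:
        cache.resolve(h)
    for i in range(n):
        cache.forward_to(f"{prefix}{i:x}")  # constructed sequential targets in the /64
    return cache
```

With a 10000-address sweep the unbounded cache ends up holding 10000 INCOMPLETE entries, while a cache capped at 1024 keeps both resolved hosts REACHABLE and drops nothing legitimate.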

