[134533] in North American Network Operators' Group


Re: NIST IPv6 document

daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Thu Jan 6 18:32:11 2011

From: "Dobbins, Roland" <rdobbins@arbor.net>
To: Nanog Operators' Group <nanog@nanog.org>
Date: Thu, 6 Jan 2011 23:32:02 +0000
In-Reply-To: <3B61690A-3D51-4847-87B5-84D7D1949BF3@delong.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Jan 7, 2011, at 1:20 AM, Owen DeLong wrote:

> You are mistaken... Host scanning followed by port sweeps is a very common threat and still widely practiced in IPv4.

I know it's common and widely-practiced.  My point is that if the host is secured properly, this doesn't matter; and that if it isn't secured properly, it's going to be found via hinted scanning and exploited, anyways.

> And there are ways to mitigate ND attacks as well.

As has been pointed out elsewhere in this thread, not to the degree of control and certainty needed in production environments.

> Sparse addressing is a win for much more than just rendering scanning useless, but, making scanning useless is still a win.


Since it doesn't make scanning useless (again, hinted scanning), that 'win' is gone.  How else is it supposedly a win?


------------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>

Most software today is very much like an Egyptian pyramid, with millions
of bricks piled on top of each other, with no structural integrity, but
just done by brute force and thousands of slaves.

			  -- Alan Kay


