[134534] in North American Network Operators' Group


Re: NIST IPv6 document

daemon@ATHENA.MIT.EDU (Owen DeLong)
Thu Jan 6 18:47:59 2011

From: Owen DeLong <owen@delong.com>
In-Reply-To: <201101060517.p065Hwsd087410@aurora.sol.net>
Date: Thu, 6 Jan 2011 15:46:49 -0800
To: Joe Greco <jgreco@ns.sol.net>
Cc: Nanog Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Jan 5, 2011, at 9:17 PM, Joe Greco wrote:

>>> It has nothing to do with "security by obscurity".
>>
>> You may wish to re-read what Joe was saying - he was positing sparse
>> addressing as a positive good because it will supposedly make it more
>> difficult for attackers to locate endpoints in the first place, i.e.,
>> security through obscurity.  I think that's an invalid argument.
>
> That's not necessarily security through obscurity.  A client that just
> picks a random(*) address in the /64 and sits on it forever could be
> reasonably argued to be doing a form of security through obscurity.
> However, that's not the only potential use!  A client that initiates
> each new outbound connection from a different IP address is doing
> something Really Good.
>
If hosts start cycling their addresses that frequently, don't you run the
risk of that becoming a form of DOS on your router's ND tables?

Owen


