[135475] in North American Network Operators' Group
Re: Using IPv6 with prefixes shorter than a /64 on a LAN
daemon@ATHENA.MIT.EDU (Fernando Gont)
Tue Jan 25 20:05:49 2011
Date: Tue, 25 Jan 2011 22:04:25 -0300
From: Fernando Gont <fernando@gont.com.ar>
To: Owen DeLong <owen@delong.com>
In-Reply-To: <8B0D83FB-38DD-4C4D-9870-5913425BA3A2@delong.com>
Cc: nanog@nanog.org, carlos@lacnic.net
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 24/01/2011 09:46 p.m., Owen DeLong wrote:
>>> Many cite concerns of potential DoS attacks by doing sweeps of
>>> IPv6 networks. I don't think this will be a common or
>>> wide-spread problem.
>>
>> Myopia doesn't make the problem go away. The point of such an
>> attack is not to "find things", but to overload the router(s).
>> (which can be done rather easily by a few dozen machines.)
>>
> Only if you don't deploy reasonable mitigation strategies.
Just wondering: What would you deem as "reasonable mitigation strategies"?
Thanks,
--
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
