[137257] in North American Network Operators' Group


Re: Failure modes: NAT vs SPI

daemon@ATHENA.MIT.EDU (Lamar Owen)
Thu Feb 10 10:56:17 2011

Date: Thu, 10 Feb 2011 10:53:58 -0500
From: Lamar Owen <lowen@pari.edu>
To: nanog@nanog.org
In-Reply-To: <5D2BCD6C-894B-40C2-94A9-DAD0F8EC2865@delong.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Monday, February 07, 2011 04:33:23 am Owen DeLong wrote:
> 1.	Scanning even an entire /64 at 1,000 pps will take 18,446,744,073,709,551 seconds
> 	which is 213,503,982,334 days or 584,542,000 years.
> 
> 	I would posit that since most networks cannot absorb a 1,000 pps attack even without
> 	the deleterious effect of incomplete ND on the router, no network has yet had even
> 	a complete /64 scanned. IPv6 simply hasn't been around that long.

Sounds like a job for a 600 million node botnet.  You don't think this hasn't already crossed botnet ops' minds?

