[137330] in North American Network Operators' Group
Re: Failure modes: NAT vs SPI
daemon@ATHENA.MIT.EDU (Joel Jaeggli)
Fri Feb 11 01:40:58 2011
Date: Thu, 10 Feb 2011 22:40:05 -0800
From: Joel Jaeggli <joelja@bogus.com>
To: Lamar Owen <lowen@pari.edu>
In-Reply-To: <201102101053.59300.lowen@pari.edu>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 2/10/11 7:53 AM, Lamar Owen wrote:
> On Monday, February 07, 2011 04:33:23 am Owen DeLong wrote:
>> 1. Scanning even an entire /64 at 1,000 pps will take 18,446,744,073,709,551 seconds
>> which is 213,503,982,334 days or 584,542,000 years.
>>
>> I would posit that since most networks cannot absorb a 1,000 pps attack even without
>> the deleterious effect of incomplete ND on the router, no network has yet had even
>> a complete /64 scanned. IPv6 simply hasn't been around that long.
>
> Sounds like a job for a 600 million node botnet. You don't think this hasn't already crossed botnet ops' minds?

There are more useful things to do with the compute cycles...