[154863] in North American Network Operators' Group
Re: using "reserved" IPv6 space
daemon@ATHENA.MIT.EDU (Randy Bush)
Sat Jul 14 17:50:47 2012
Date: Sun, 15 Jul 2012 06:50:12 +0900
From: Randy Bush <randy@psg.com>
To: valdis.kletnieks@vt.edu
In-Reply-To: <52169.1342301812@turing-police.cc.vt.edu>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> The fact that your prefix is a Secret Sauce that isn't known to the
> rest of the world won't matter much to an attacker. One 'ifconfig' on
> whatever beachhead machine the attacker has inside your net, and it's
> not Secret Sauce anymore, it's just another bottle of Thousand Island
> dressing...
security through obsurity is such tempting koolaid. people fall for it
continually and repeatedly.
i especially like the one where filtering ula at your border is thought
to be any different than filtering a bit of global at your border.
randy
