[168723] in North American Network Operators' Group
Re: TWC (AS11351) blocking all NTP?
daemon@ATHENA.MIT.EDU (John Kristoff)
Mon Feb 3 17:39:05 2014
Date: Mon, 3 Feb 2014 16:38:43 -0600
From: John Kristoff <jtk@cymru.com>
To: "Dobbins, Roland" <rdobbins@arbor.net>
In-Reply-To: <36E69809-C0B7-497D-A4AA-B251D0C9EA4A@arbor.net>
Cc: "nanog@nanog.org list" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mon, 3 Feb 2014 07:08:25 +0000
"Dobbins, Roland" <rdobbins@arbor.net> wrote:
> There's nothing in IPv6 which makes any difference. The ultimate
> solution is antispoofing at the customer edge.
There is at least one small thing that may change some part of this and
similar problems. If the threat vector were only accessible on IPv6
and that service on those systems is not easily discoverable then it
will probably reduce the total population of systems being abused.
I do realize in practice there are ways to discover systems, but the
change in address architecture could change things, not perfectly, but
I'll venture to suggest noticeably in some not so difficult to imagine
scenarios.
John
