[170044] in North American Network Operators' Group
Re: misunderstanding scale
daemon@ATHENA.MIT.EDU (Timothy Morizot)
Sun Mar 23 18:56:51 2014
In-Reply-To: <20140323214550.GB29152@vacation.karoshi.com>
Date: Sun, 23 Mar 2014 17:56:32 -0500
From: Timothy Morizot <tmorizot@gmail.com>
To: bmanning@vacation.karoshi.com
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mar 23, 2014 4:45 PM, <bmanning@vacation.karoshi.com> wrote:
> Yo, Tim/Scott. Seems you have not been keeping up.
>
> http://go6.si/wp-content/uploads/2011/11/DREN-6-Slo-IPv6Summit-2011.pdf
>
> points out several unique problems w/ IPv6 and in deployments where
> there are ZERO IPv4 equivalents. Ferg is paranoid, but it doesn't
> mean they are not out to get him/IPv6.

Seriously? That's the best you can come up with? A three-year-old presentation?
The RA and ND vulnerabilities are just the IPv6 versions of ARP floods and
similar attacks. They are well-understood and long mitigated.

On the other hand, if you have an IPv4-only network with lots of IPv6
capable devices on it and someone compromises a host to start sending out
RAs, what exactly is your defense posture?

My comments represent reality. Your security posture is much worse in an
IPv4-only configuration than if you enable and control IPv6.

Scott
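
An added example, not part of the original message: a minimal Python monitor check for the scenario raised above, reporting any Router Advertisement seen on a segment where none is expected. The function names, the `allowed_routers` parameter and the sample frames are assumptions constructed for illustration; VLAN tags, IPv6 extension headers and checksum validation are not handled.

```python
import ipaddress
import struct

ETHERTYPE_IPV6 = 0x86DD
NEXT_HEADER_ICMPV6 = 58
ICMPV6_ROUTER_ADVERT = 134  # ICMPv6 type for a Router Advertisement


def classify_frame(frame: bytes, allowed_routers=frozenset()):
    """Return None for non-RA frames, else a dict describing the RA.

    allowed_routers holds the source MACs permitted to send RAs. Leave it
    empty on an IPv4-only segment so that every RA is reported.
    """
    if len(frame) < 14 + 40 + 16:  # Ethernet + IPv6 + fixed RA header
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV6:
        return None
    ip = frame[14:54]
    next_header, hop_limit = ip[6], ip[7]
    if next_header != NEXT_HEADER_ICMPV6 or frame[54] != ICMPV6_ROUTER_ADVERT:
        return None
    src_mac = frame[6:12].hex(":")
    src_ip = ipaddress.IPv6Address(ip[8:24])
    (lifetime,) = struct.unpack("!H", frame[60:62])
    return {
        "src_mac": src_mac,
        "src_ip": str(src_ip),
        "router_lifetime": lifetime,
        # RFC 4861 receivers drop RAs unless hop limit is 255 and the
        # source is link-local, so only these can reconfigure hosts.
        "passes_host_checks": hop_limit == 255 and src_ip.is_link_local,
        "rogue": src_mac not in allowed_routers,
    }


def build_ra(src_mac: bytes, src_ip: str, hop_limit=255, lifetime=1800) -> bytes:
    """Constructed sample: untagged Ethernet frame with a minimal RA (checksum 0)."""
    icmp = struct.pack("!BBHBBHII", ICMPV6_ROUTER_ADVERT, 0, 0, 64, 0, lifetime, 0, 0)
    ip = struct.pack("!IHBB", 6 << 28, len(icmp), NEXT_HEADER_ICMPV6, hop_limit)
    ip += ipaddress.IPv6Address(src_ip).packed + ipaddress.IPv6Address("ff02::1").packed
    eth = bytes.fromhex("333300000001") + src_mac + struct.pack("!H", ETHERTYPE_IPV6)
    return eth + ip + icmp


if __name__ == "__main__":
    sample = build_ra(bytes.fromhex("02000000000a"), "fe80::a")
    print(classify_frame(sample))
```
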