[170370] in North American Network Operators' Group
Re: IPv6 Security [Was: Re: misunderstanding scale]
daemon@ATHENA.MIT.EDU (Matt Palmer)
Wed Mar 26 18:50:14 2014
Date: Thu, 27 Mar 2014 09:49:51 +1100
From: Matt Palmer <mpalmer@hezmatt.org>
To: nanog@nanog.org
Mail-Followup-To: nanog@nanog.org
In-Reply-To: <53331477.1070701@prgmr.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Wed, Mar 26, 2014 at 10:55:03AM -0700, Luke S. Crawford wrote:
> There are many ways to skin this cat; stateless autoconfig looks
> like it mostly works, but privacy extensions seem to be the default
> in many places; outgoing IPv6 from those random addresses will trip
> my BCP38 filters.
Your what-now? You do realise SLAAC works entirely within a single /64,
which shouldn't be difficult to decide is either routable or not in one hit,
right?
- Matt
--
Q: Why do Marxists only drink herbal tea?
A: Because proper tea is theft.
-- Chris Suslowicz, in the Monastery
