[76851] in North American Network Operators' Group
Re: IPv6, IPSEC and DoS
daemon@ATHENA.MIT.EDU (Iljitsch van Beijnum)
Sat Jan 1 06:16:47 2005
In-Reply-To: <Pine.GSO.4.58.0412312021120.16868@kungfunix.net>
Cc: nanog@nanog.org
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Sat, 1 Jan 2005 12:16:02 +0100
To: "J. Oquendo" <sil@politrix.org>
Errors-To: owner-nanog-outgoing@merit.edu
On 1-jan-05, at 2:22, J. Oquendo wrote:
> Supposedly the vulns associated with IPv6 are: reconnaissance, unauth'd
> access, layers 3-4 spoofing, ARP and DHCP attacks, smurfs, routing
> attacks, viruses andworms, translations, transistions, and tunneling
> mechanisms. According to Sean Covery's IPv6 Security Threats
> (http://www.seanconvery.com/SEC-2003.pdf)
No, that list is just a starting point for the discussion. A lot of
stuff in the list doesn't amount to anything. (For instance, there is
no ARP in IPv6.)
I don't understand your example, BTW.
But as long as people get to snif your packets, you're dead in the
water unless you use IPsec.
