Failure modes: NAT vs SPI

Joel Jaeggli joelja at bogus.com
Fri Feb 11 06:40:05 UTC 2011


On 2/10/11 7:53 AM, Lamar Owen wrote:
> On Monday, February 07, 2011 04:33:23 am Owen DeLong wrote:
>> 1.	Scanning even an entire /64 at 1,000 pps will take 18,446,744,073,709,551 seconds
>> 	which is 213,503,982,334 days or 584,542,000 years.
>>
>> 	I would posit that since most networks cannot absorb a 1,000 pps attack even without
>> 	the deleterious effect of incomplete ND on the router, no network has yet had even
>> 	a complete /64 scanned. IPv6 simply hasn't been around that long.
> 
> Sounds like a job for a 600 million node botnet.  You don't think this hasn't already crossed botnet ops' minds?

There are more useful things to do with the compute cycles...

More information about the NANOG mailing list