NIST IPv6 document
Jack Bates
jbates at brightok.net
Thu Jan 6 16:48:57 UTC 2011
On 1/6/2011 10:28 AM, Valdis.Kletnieks at vt.edu wrote:
>
> And the "ZOMG they can overflow the ARP/ND/whatever table" is a total red
> herring - you know damned well that if a script kiddie with a 10K node botnet
> wants to hose down your network, you're going to be looking at a DDoS, and it
> really doesn't matter whether it's SYN packets, or ND traffic, or forged ICMP
> echo-reply mobygrams.
>
My personal concern is not the intentional DDoS, but the idiotic side
effects of unintentional idiocy. Nachi was nicer than Blaster to the
host, but it unintentionally DDoS'd many networks that couldn't handle
the load.
How many morons will scan a /64 out of curiosity? Even if they get bored
after 1-2 hours, the effects of such a scan on the ND table could be
catastrophic in the protocol's default behavior.
How many virus writers will utilize a hinted scan technique, which could
still end up scanning thousands of v6 addresses per /64 and following
consecutive /64s which likely are handled by the same router?
It is not the intentional that we should fear, but the unintentional.
Jack
More information about the NANOG
mailing list