ZOMG: IPv6 a plot to stymie FBI !!!11!ONE!

John Levine johnl at iecc.com
Sun Jun 17 19:41:41 UTC 2012


> BCP 38 would work. The problem is that many ISPs do not ingress filter, so I
> can use whatever unallocated IPv6 space
> (2F10:baba:ba30:e8cf:d06f:4881:973a:c68) to SPAM and then go invisible and use
> another one (2E10:baba:ba30:e8cf:d06f:4881:973a:c68)

How do you plan to get the return packets?  DNS bombing with forged
address UDP packets is one thing, but anything that runs over TCP
won't work without return routes.  If the bad guy can inject routes,
you have worse problems than lack of SWIP.

(This assumes the target is not using a 20-year-old TCP stack with
predictable sequence numbers, but in the IPv6 world we should be able
to assume that particular security hole is closed.)

I expect bad guys to hop around within a /64 or whatever size
allocation the ISP assigns to customers, but that's still easily
handled by SWIP, or by subpoena to the ISP if they didn't get around
to SWIP.

R's,
John
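
The point about sources hopping around within a /64 (or whatever size the ISP assigns), as an added example that is not part of the original message: abuse events are grouped by enclosing prefix so that many addresses collapse into the one allocation a SWIP record or subpoena would identify. The event list, the function names, and the threshold of three addresses are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample events (source address, message id); the IPv6 addresses
# are from the 2001:db8::/32 documentation range, not from the thread.
SAMPLE_EVENTS = [
    ("2001:db8:a:1:d06f:4881:973a:c68", "m1"),
    ("2001:db8:a:1:1111:2222:3333:4444", "m2"),
    ("2001:DB8:A:1::5", "m3"),
    ("2001:db8:a:1:0:0:0:5", "m4"),   # same host as m3, different spelling
    ("2001:db8:a:2::1", "m5"),
    ("2001:db8:b:9:aaaa:bbbb:cccc:dddd", "m6"),
    ("not-an-address", "m7"),
    ("192.0.2.10", "m8"),             # IPv4 is out of scope here
]

def customer_prefix(addr, prefix_len=64):
    """Return (address, enclosing network) for an IPv6 source, else None."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return None
    if ip.version != 6:
        return None
    # strict=False masks off the host bits instead of rejecting them.
    return ip, ipaddress.IPv6Network((int(ip), prefix_len), strict=False)

def group_by_prefix(events, prefix_len=64):
    """Collapse per-address events into per-allocation totals."""
    groups = defaultdict(lambda: {"addresses": set(), "messages": 0})
    skipped = []
    for addr, _msg_id in events:
        parsed = customer_prefix(addr, prefix_len)
        if parsed is None:
            skipped.append(addr)
            continue
        ip, net = parsed
        groups[str(net)]["addresses"].add(ip)   # set dedupes spellings
        groups[str(net)]["messages"] += 1
    return dict(groups), skipped

def hopping_prefixes(groups, min_addresses=3):
    """Allocations that sent from at least min_addresses distinct sources."""
    return sorted(p for p, g in groups.items() if len(g["addresses"]) >= min_addresses)

if __name__ == "__main__":
    groups, skipped = group_by_prefix(SAMPLE_EVENTS)
    for prefix in hopping_prefixes(groups):
        g = groups[prefix]
        print(prefix, len(g["addresses"]), "addresses,", g["messages"], "messages")
```

Passing a shorter `prefix_len` (for example 48) regroups the same events for an ISP that assigns larger customer allocations.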






More information about the NANOG mailing list