no ip forged-source-address

Tony Hain alh-ietf at tndh.net
Wed Oct 30 23:19:12 UTC 2002


Petri Helenius wrote:
> > decides to attack, it would use some neighbor's IP.  The subnet I am
> > on is a /24 and there very well may be a few dozen hosts.  I could be
> > real sneaky and alter my IP randomly to be any of my neighbors for
> > every packet I send out.
> >
> This gets a lot sneakier when you got your /64 on the subnet. Specially
> if people start to build significantly larger subnets by default.

Just stop. This nonsense about spoofing is easier because the IPv6
address space is bigger is bogus and wasting everyone's time. When each
customer is assigned a unique /48-/64 they are traceable to the
accountable entity no matter what low order bits they use. If they are
assigned something longer than a /64, they are likely to keep using
tunneling technologies like 6to4 until they can dump the provider that
is cluelessly hoarding a resource that is not scarce. 

Tony
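
An added example, not part of the original message: a sketch of the attribution argument above, in which source-address validation at the customer edge and a longest-prefix lookup tie every packet to the assigned prefix whatever low-order bits the host picks. The prefixes (from the 2001:db8::/32 documentation range), port names, customer names and function names are all constructed for illustration.

```python
import ipaddress
import random

# Constructed assignment table: one prefix per customer-facing port.
ASSIGNMENTS = {
    "port-1": ("customer-A", ipaddress.ip_network("2001:db8:a::/48")),
    "port-2": ("customer-B", ipaddress.ip_network("2001:db8:b:1::/64")),
}

def attribute(src):
    """Longest-prefix match of a source address to the accountable customer."""
    addr = ipaddress.ip_address(src)
    matches = [(net.prefixlen, cust)
               for cust, net in ASSIGNMENTS.values() if addr in net]
    return max(matches)[1] if matches else None

def check_ingress(port, src):
    """Accept only sources inside the prefix assigned to the ingress port."""
    _cust, net = ASSIGNMENTS[port]
    return ipaddress.ip_address(src) in net

def random_host_in(net, rng):
    """Return an address with random low-order bits inside the prefix."""
    host_bits = net.max_prefixlen - net.prefixlen
    return str(net.network_address + rng.getrandbits(host_bits))

def summarize(flows):
    """flows: iterable of (port, src). Returns (accepted-per-customer, dropped)."""
    accepted, dropped = {}, []
    for port, src in flows:
        if check_ingress(port, src):
            cust = attribute(src)
            accepted[cust] = accepted.get(cust, 0) + 1
        else:
            dropped.append((port, src))
    return accepted, dropped

def sample_flows(seed=1):
    """Constructed traffic: 1000 packets with a different source in the
    customer's /64 each time, plus one source outside the port's prefix."""
    rng = random.Random(seed)
    net_b = ASSIGNMENTS["port-2"][1]
    flows = [("port-2", random_host_in(net_b, rng)) for _ in range(1000)]
    flows.append(("port-2", "2001:db8:a::1"))
    return flows

if __name__ == "__main__":
    print(summarize(sample_flows()))
```

All 1000 randomized sources resolve to the same customer, and the one source outside the port's assigned prefix is rejected at ingress.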






