NIST IPv6 document
jgreco at ns.sol.net
Wed Jan 5 21:08:58 CST 2011
> > The switch from IPv4 to IPv6 itself is such a change; it renders random trolling through IP space much less productive.
> And renders hinted trolling far more productive/necessary, invariably leading to increased strain on already-brittle/-overloaded DNS, whois, route servers, et al., not to mention ND/multicast abuse.
Of course, you *want* them attacking the lower layers, you don't want
them attacking the more easily defended higher layers... got an
investment in Cisco stock there? :-)
But seriously, if your solution is to eliminate sparseness, then you've
also just made attacking networks a whole lot easier.
> > We should not lose sight of the fact that this is generally a very positive feature; calls for packing IPv6 space more tightly serve merely to marginalize that win.
> Far from being a 'win', I believe it's either neutral or a net negative, due to the above implications.
Then you need to re-evaluate; I'd much prefer having to protect resources
like DNS servers. With a DNS server, I can monitor access trends, or set
off excessive query alarms, and I can even write the code to do all that
without having to create custom silicon to implement it. One can only
imagine how frustrating a $GENERATE must be to a PTR-scanner.
Why do we have to repeat all the mistakes of IPv4 in v6? Packing
everything densely is an obvious problem with IPv4; we learned early
on that having a 48-bit (32 address, 16 port) space to scan made
port-scanning easy, attractive, productive, and commonplace.
If there are operational problems with IPv6, now's a great time to
figure them out and figure out how to make it work well. Re-engineering
the protocol at this late hour is unlikely to be productive; it took
many years to get IPv6 into the state it is, and if we are going to
go and change it all because you don't like sparseness, will it be
ready to deploy before 2020?
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
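The "excessive query alarms" idea above, as an added example that is not part of the original post: a small Python check that reads BIND-style query log lines and flags clients issuing many distinct PTR lookups under ip6.arpa, which is what a sparse IPv6 reverse zone turns a PTR-scanner into. The log line format approximates BIND's query log, the sample lines are constructed, and the threshold of 5 is an arbitrary assumption.

```python
import ipaddress
import re
from collections import defaultdict

# Regex for BIND-style query log lines (approximation of the real format;
# the sample lines further down are constructed for this example).
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<ip>[^#\s]+)#\d+"
    r"(?: \([^)]*\))?: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def parse_query_log(lines):
    """Yield (client_ip, qname, qtype) for each line that parses."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield m.group("ip"), m.group("qname"), m.group("qtype")


def ptr_scan_alarms(lines, threshold=5):
    """Return {client_ip: distinct_ip6_arpa_ptr_queries} for clients at or
    above the threshold; everything below it is treated as normal use."""
    seen = defaultdict(set)
    for ip, qname, qtype in parse_query_log(lines):
        name = qname.lower().rstrip(".")
        if qtype == "PTR" and name.endswith(".ip6.arpa"):
            seen[ip].add(name)
    return {ip: len(n) for ip, n in seen.items() if len(n) >= threshold}


def ptr_name(addr):
    """Nibble-reversed ip6.arpa name for an IPv6 address (stdlib helper)."""
    return ipaddress.ip_address(addr).reverse_pointer


# Constructed sample log: one client walks 2001:db8::1 .. ::8 in order
# (scanner behaviour), another does ordinary forward and reverse lookups.
SAMPLE_LOG = [
    f"05-Jan-2011 21:08:{i:02d}.000 client 192.0.2.10#53422: query: "
    f"{ptr_name('2001:db8::%x' % i)} IN PTR - (198.51.100.1)"
    for i in range(1, 9)
] + [
    "05-Jan-2011 21:09:00.000 client 198.51.100.7#40011: query: "
    "www.example.com IN AAAA - (198.51.100.1)",
    "05-Jan-2011 21:09:01.000 client 198.51.100.7#40012: query: "
    f"{ptr_name('2001:db8::1')} IN PTR - (198.51.100.1)",
]

if __name__ == "__main__":
    for client, count in ptr_scan_alarms(SAMPLE_LOG).items():
        print(f"ALARM {client}: {count} distinct ip6.arpa PTR queries")
```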