NIST IPv6 document

Joe Greco jgreco at ns.sol.net
Thu Jan 6 05:54:35 UTC 2011


> 
> On Jan 6, 2011, at 12:17 PM, Joe Greco wrote:
> 
> > If you don't understand the value of such an increase in magnitude,
> 
> I can count as well as you can, I assure you.
> 
> > I invite you to switch all your ssh keys to 56 bit.
> 
> The difference is that if someone compromises/brute-forces one of my ssh
> keys, he has something of value.
> 
> OTOH, if he can find my host and send some packets to it, since I've done
> all the host OS/app/service BCPs, plus I'm enforcing policy via stateless
> ACLs in hardware-based routers/switches and tcpwrappers on my host, so what?
> I could care less.

Generally speaking, security professionals prefer for there to be more
roadblocks rather than fewer.  That's why they call it layers of
security; occasionally your belt may snap and you may find yourself
reliant on the suspenders.  The fact that you're confident that your
belt is great is only relevant to yourself and any others who are
similarly confident in their choice of belt. 

You start off with the assumption that the knowledge of the host
address is not something of value; while I agree that it *shouldn't*
be of value, the sad fact of the matter is that we've seen numerous
examples of where it *is* of value.

I'm starting off with the assumption that knowledge of the host
address *might* be something of value.  If it isn't, no harm done.
If it is, and the address becomes virtually impossible to find, then
we've just defeated an attack, and it's hard to see that as anything
but positive.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.



