NIST IPv6 document

Dobbins, Roland rdobbins at arbor.net
Thu Jan 6 23:32:02 UTC 2011


On Jan 7, 2011, at 1:20 AM, Owen DeLong wrote:

> You are mistaken... Host scanning followed by port sweeps is a very common threat and still widely practiced in IPv4.

I know it's common and widely-practiced.  My point is that if the host is security properly, this doesn't matter; and that if it isn't secured properly, it's going to be found via hinted scanning and exploited, anyways.

> And there are ways to mitigate ND attacks as well.

As has been pointed out elsewhere in this thread, not to the degree of control and certainty needed in production environments.

> Sparse addressing is a win for much more than just rendering scanning useless, but, making scanning useless is still a win.


Since it doesn't make scanning useless (again, hinted scanning), that 'win' is gone.  How else is it supposedly a win?


------------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

Most software today is very much like an Egyptian pyramid, with millions
of bricks piled on top of each other, with no structural integrity, but
just done by brute force and thousands of slaves.

			  -- Alan Kay





More information about the NANOG mailing list