NIST IPv6 document

Owen DeLong owen at delong.com
Thu Jan 6 17:46:49 CST 2011


On Jan 5, 2011, at 9:17 PM, Joe Greco wrote:

>>> It has nothing to do with "security by obscurity".
>> 
>> You may wish to re-read what Joe was saying - he was positing sparse addres=
>> sing as a positive good because it will supposedly make it more difficult f=
>> or attackers to locate endpoints in the first place, i.e., security through=
>> obscurity.  I think that's an invalid argument.
> 
> That's not necessarily security through obscurity.  A client that just
> picks a random(*) address in the /64 and sits on it forever could be
> reasonably argued to be doing a form of security through obscurity.
> However, that's not the only potential use!  A client that initiates
> each new outbound connection from a different IP address is doing
> something Really Good.
> 
If hosts start cycling their addresses that frequently, don't you run the
risk of that becoming a form of DOS on your router's ND tables?

Owen





More information about the NANOG mailing list