using "reserved" IPv6 space
Jimmy Hess
mysidia at gmail.com
Sat Jul 14 22:37:37 UTC 2012
On 7/14/12, valdis.kletnieks at vt.edu <valdis.kletnieks at vt.edu> wrote:
[snip]
> The fact that your prefix is a Secret Sauce that isn't known to the rest of
> the world won't matter much to an attacker. One 'ifconfig' on whatever
> beachhead machine the attacker has inside your net, and it's not Secret
> Sauce anymore, it's just another bottle of Thousand Island dressing...
The good news is one 'ifconfig' just tells them what network
address you're in.
Unless the attacker can gain access to your host's NDP table or ARP
table, they can't see what IPs are in use.
You're Global or whatever /64 has ~18446744073709551615
possible IP addresses.
If you want your addressing assignments to be "obscure",
generate a random interface ID, and use that to assign your IPv6
addresses within your public /64, or just use stateless autoconfig.
--
-JH
More information about the NANOG
mailing list