using "reserved" IPv6 space

Jimmy Hess mysidia at gmail.com
Sat Jul 14 22:37:37 UTC 2012


On 7/14/12, valdis.kletnieks at vt.edu <valdis.kletnieks at vt.edu> wrote:
[snip]
> The fact that your prefix is a Secret Sauce that isn't known to the rest of
> the world won't matter much to an attacker.  One 'ifconfig' on whatever
> beachhead machine the attacker has inside your net, and it's not Secret
> Sauce anymore, it's just another bottle of Thousand Island dressing...

The good news is one 'ifconfig' just tells them what network
address you're in.
Unless the attacker can gain access to your host's NDP table or ARP
table, they can't see what IPs are in use.

Your Global or whatever /64 has ~18446744073709551615
possible IP addresses.

If you want your addressing assignments to be "obscure",
generate a random interface ID, and use that to assign your IPv6
addresses within your public /64, or just use stateless autoconfig.



--
-JH
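
The random interface ID assignment suggested in the message above, as an added example that is not part of the original post: it draws a 64-bit interface ID from the OS CSPRNG, skips the reserved identifiers listed in RFC 5453, and avoids addresses already handed out. The documentation prefix 2001:db8:1234:5678::/64, the sample in-use address and the function names are assumptions made for illustration.

```python
import ipaddress
import secrets

# RFC 5453 reserved interface identifiers: the all-zero subnet-router
# anycast ID and the reserved subnet anycast range at the top of fdff:...
RESERVED_ANYCAST_LOW = 0xFDFFFFFFFFFFFF80
RESERVED_ANYCAST_HIGH = 0xFDFFFFFFFFFFFFFF


def is_reserved_iid(iid: int) -> bool:
    """True if the 64-bit interface ID must not be assigned to a host."""
    return iid == 0 or RESERVED_ANYCAST_LOW <= iid <= RESERVED_ANYCAST_HIGH


def random_address(prefix: str, in_use=()) -> ipaddress.IPv6Address:
    """Pick an unpredictable address inside a /64 (hypothetical helper)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    taken = {ipaddress.IPv6Address(a) for a in in_use}
    while True:
        # secrets uses the OS CSPRNG, so the ID cannot be inferred from
        # the MAC address, the hostname or earlier assignments.
        iid = secrets.randbits(64)
        if is_reserved_iid(iid):
            continue
        addr = net.network_address + iid
        if addr not in taken:
            return addr


if __name__ == "__main__":
    # Constructed sample input: documentation prefix and one existing host.
    existing = ["2001:db8:1234:5678::1"]
    print(random_address("2001:db8:1234:5678::/64", in_use=existing))
```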




More information about the NANOG mailing list