using "reserved" IPv6 space

Jimmy Hess mysidia at
Sat Jul 14 22:37:37 UTC 2012

On 7/14/12, valdis.kletnieks at <valdis.kletnieks at> wrote:
> The fact that your prefix is a Secret Sauce that isn't known to the rest of
> the world won't matter much to an attacker.  One 'ifconfig' on whatever
> beachhead machine the attacker has inside your net, and it's not Secret
> Sauce anymore, it's just another bottle of Thousand Island dressing...

The good news is one  'ifconfig'  just tells them  what   network
address you're in.
Unless the attacker can gain access to your host's  NDP table or ARP
table,  they can't see what IPs are in use.

You're  Global or whatever /64   has   ~18446744073709551615
possible IP addresses.

If you want your addressing assignments to be "obscure",
generate a  random  interface ID,  and use that to assign your IPv6
addresses within your public /64,  or just use stateless autoconfig.


More information about the NANOG mailing list