using "reserved" IPv6 space

Randy Bush randy at
Sat Jul 14 21:50:12 UTC 2012

> The fact that your prefix is a Secret Sauce that isn't known to the
> rest of the world won't matter much to an attacker.  One 'ifconfig' on
> whatever beachhead machine the attacker has inside your net, and it's
> not Secret Sauce anymore, it's just another bottle of Thousand Island
> dressing...

security through obsurity is such tempting koolaid.  people fall for it
continually and repeatedly.

i especially like the one where filtering ula at your border is thought
to be any different than filtering a bit of global at your border.


More information about the NANOG mailing list