TWC (AS11351) blocking all NTP?

John Kristoff jtk at cymru.com
Mon Feb 3 22:38:43 UTC 2014


On Mon, 3 Feb 2014 07:08:25 +0000
"Dobbins, Roland" <rdobbins at arbor.net> wrote:

> There's nothing in IPv6 which makes any difference.  The ultimate
> solution is antispoofing at the customer edge.

There is at least one small thing that may change some part of this and
similar problems.  If the threat vector were only accessible on IPv6
and that service on those systems is not easily discoverable then it
will probably reduce the total population of systems being abused.

I do realize in practice there are ways to discover systems, but the
change in address architecture could change things, not perfectly, but
I'll venture to suggest noticeably in some not so difficult to imagine
scenarios.

John



More information about the NANOG mailing list