misunderstanding scale

Timothy Morizot tmorizot at gmail.com
Sun Mar 23 22:56:32 UTC 2014


On Mar 23, 2014 4:45 PM, <bmanning at vacation.karoshi.com> wrote:
>         Yo, Tim/Scott.   Seems you have not been keeping up.
>
> http://go6.si/wp-content/uploads/2011/11/DREN-6-Slo-IPv6Summit-2011.pdf
>
>         points out several unique problems w/ IPv6 and in deployments where
>         there are ZERO IPv4 equivalents.  Ferg is paranoid, but it doesn't
>         mean they are not out to get him/IPv6.

Seriously? That's the best you can come up with? A three-year-old presentation?
The RA and ND vulnerabilities are just the IPv6 versions of ARP floods and
similar attacks. They are well-understood and long mitigated.

On the other hand, if you have an IPv4 only network with lots of IPv6
capable devices on it and someone compromises a host to start sending out
RAs, what exactly is your defense posture?

My comments represent reality. Your security posture is much worse in an
IPv4 only configuration than if you enable and control IPv6.

Scott


