IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

Owen DeLong owen at delong.com
Fri Mar 2 12:12:15 UTC 2018


> On Mar 2, 2018, at 3:17 AM, Bjørn Mork <bjorn at mork.no> wrote:
> 
> Owen DeLong <owen at delong.com> writes:
> 
>> What can you do with ULA that GUA isn’t suitable for?
> 
> 1) get
> 2) keep
> 3) move

Wrong.

1) get
	Easy as going to http://tunnelbroker.net <http://tunnelbroker.net/> and filling out a form. Remember to check the box for your /48.

2) keep
	Admittedly, you might have to connect to your tunnel every once in a while to keep it alive, but that’s
	hardly a high bar.

3) move
	If you’re not talking to the internet with it (which you can’t with ULA, theoretically), you can move that same
	HE /48 anywhere you want, with the additional advantage that you can, if you need to, connect your tunnel
	and actually make it work on the internet too.

> Granted, many of us can do that with GUAs too.  But with ULA those
> features are avaible to everyone everywhere.  Which is useful for a

You really think that doing ULA according to the RFCs (collision avoidance algorithm and all) is easier
than filling out a form at HE? REALLY?

> number of applications where you care mostly about the local environment
> and not so much about global connectivity.

I hear you, but I’m not convinced about the ease.

Owen




More information about the NANOG mailing list