[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NIST IPv6 document

Subject: NIST IPv6 document
From: jbates at brightok.net (Jack Bates)
Date: Thu, 06 Jan 2011 10:48:57 -0600
In-reply-to: <15350.1294331336@localhost>
References: <[email protected]> <[email protected]> <15350.1294331336@localhost>

On 1/6/2011 10:28 AM, Valdis.Kletnieks at vt.edu wrote:
>
> And the "ZOMG they can overflow the ARP/ND/whatever table" is a total red
> herring - you know damned well that if a script kiddie with a 10K node botnet
> wants to hose down your network, you're going to be looking at a DDoS, and it
> really doesn't matter whether it's SYN packets, or ND traffic, or forged ICMP
> echo-reply mobygrams.
>

My personal concern is not the intentional DDoS, but the idiotic side 
effects of unintentional idiocy. Nachi was nicer than Blaster to the 
host, but it unintentionally DDoS'd many networks that couldn't handle 
the load.

How many morons will scan a /64 out of curiosity? Even if they get bored 
after 1-2 hours, the effects of such a scan on the ND table could be 
catastrophic in the protocol's default behavior.

How many virus writers will utilize a hinted scan technique, which could 
still end up scanning thousands of v6 addresses per /64 and following 
consecutive /64s which likely are handled by the same router?

It is not the intentional that we should fear, but the unintentional.

Jack

Follow-Ups:
- NIST IPv6 document
  - From: rdobbins at arbor.net (Dobbins, Roland)

References:
- NIST IPv6 document
  - From: jgreco at ns.sol.net (Joe Greco)
- NIST IPv6 document
  - From: rdobbins at arbor.net (Dobbins, Roland)
- NIST IPv6 document
  - From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)

Prev by Date: NIST IPv6 document
Next by Date: NIST IPv6 document
Previous by thread: NIST IPv6 document
Next by thread: NIST IPv6 document
Index(es):
- Date
- Thread