NIST IPv6 document
On Jan 5, 2011, at 9:17 PM, Joe Greco wrote:
>>> It has nothing to do with "security by obscurity".
>>
>> You may wish to re-read what Joe was saying - he was positing sparse addressing
>> as a positive good because it will supposedly make it more difficult for
>> attackers to locate endpoints in the first place, i.e., security through
>> obscurity. I think that's an invalid argument.
>
> That's not necessarily security through obscurity. A client that just
> picks a random(*) address in the /64 and sits on it forever could be
> reasonably argued to be doing a form of security through obscurity.
> However, that's not the only potential use! A client that initiates
> each new outbound connection from a different IP address is doing
> something Really Good.
>
If hosts start cycling their addresses that frequently, don't you run the
risk of that becoming a form of DOS on your router's ND tables?
Owen