[6bone] Is minimum allocation /64 now?
John Holmblad
jholmblad@aol.com
Sat, 25 Oct 2003 13:05:44 -0400
--------------060907030302080200070500
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
All,
I'd like to share the following thoughts with the group on this
discussion on IP V6 address space.
1. Re NAT
Of course, relying on security through obscurity is bad as a stand alone
practice, but, as a part of a defense in depth strategy that includes
fire walling it does help. Most SOHO router products include, pit of
practical necessity, NAT but also a rudimentary firewall and no one can
argue that having those devices in place has somehow increased the
collective security of the Internet as we know it today. For an ISP to
sell pure NAT as a rock solid security product however, would represent
a negligent sales practice.
2. Re /48 vs /64 for the single network port or home
It occurs to me that the more address space that is allocated to a given
access point to the Internet, the easier it is for a scanner to find it,
for obvious reasons. In that sense, generosity of address space
allocation runs against the grain of trying to make the Internet more
secure. In fact it would seem desirable to take advantage of the huge
128 bit address space enabled by IPv6 to raise the cost for attackers to
find "points of interest" on the Internet.
--
Best Regards,
John Holmblad
Televerage International
(H) 703 620 0672
(M) 703 407 2278
(F) 703 620 5388
www page: www.vtext.com/users/jholmblad
primary email address: jholmblad@aol.com
backup email address: jholmblad@verizon.net
text email address: jholmblad@vtext.com
--------------060907030302080200070500
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">
<title></title>
</head>
<body text="#000000" bgcolor="#ffffff">
All, <br>
<br>
I'd like to share the following thoughts with the group on this
discussion on IP V6 address space.<br>
<br>
1. Re NAT<br>
<br>
Of course, relying on security through obscurity is bad as a stand
alone practice, but, as a part of a defense in depth strategy that
includes fire walling it does help. Most SOHO router products include,
pit of practical necessity, NAT but also a rudimentary firewall and no
one can argue that having those devices in place has somehow increased
the collective security of the Internet as we know it today. For an ISP
to sell pure NAT as a rock solid security product however, would
represent a negligent sales practice. <br>
<br>
2. Re /48 vs /64 for the single network port or home<br>
<br>
It occurs to me that the more address space that is allocated to a
given access point to the Internet, the easier it is for a scanner to
find it, for obvious reasons. In that sense, generosity of address
space allocation runs against the grain of trying to make the Internet
more secure. In fact it would seem desirable to take advantage of the
huge 128 bit address space enabled by IPv6 to raise the cost for
attackers to find "points of interest" on the Internet.<br>
<div class="moz-signature">-- <br>
<meta http-equiv="Content-Type" content="text/html; ">
<meta name="Generator" content="Microsoft Word 10 (filtered)">
<title>Best Regards,</title>
<!-- /* Font Definitions */ @font-face {font-family:"MS Mincho"; panose-1:2 2 6 9 4 2 5 8 3 4;}@font-face {font-family:"\@MS Mincho"; panose-1:2 2 6 9 4 2 5 8 3 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:12.0pt; font-family:"Times New Roman";}@page Section1 {size:8.5in 11.0in; margin:1.0in 1.25in 1.0in 1.25in;}div.Section1 {page:Section1;}-->
</style>
<div class="Section1">
<p class="MsoNormal"><b><span >Best
Regards,</span></b></p>
<p class="MsoNormal"><b><span > </span></b></p>
<p class="MsoNormal"><b><span >John
Holmblad</span></b></p>
<p class="MsoNormal"><b><span > </span></b></p>
<p class="MsoNormal"><b><span >Televerage
International</span></b></p>
<p class="MsoNormal"><b><span > </span></b></p>
<p class="MsoNormal"><b><span >(H) </span></b><b><span >703 620 0672</span></b></p>
<p class="MsoNormal"><b><span >(M) </span></b><b><span >703 407 2278</span></b></p>
<p class="MsoNormal"><b><span >(F) </span></b><b><span >703 620 5388</span></b></p>
<p class="MsoNormal"><b><span > </span></b></p>
<p class="MsoNormal"><b><span lang="NL" >www
page: <a class="moz-txt-link-abbreviated" href="http://www.vtext.com/users/jholmblad">www.vtext.com/users/jholmblad</a></span></b></p>
<p class="MsoNormal"><b><span >primary
email address: </span></b><b><span ><a class="moz-txt-link-abbreviated" href="mailto:jholmblad@aol.com">jholmblad@aol.com</a></span></b></p>
<p class="MsoNormal"><b><span >backup
email address: <a class="moz-txt-link-abbreviated" href="mailto:jholmblad@verizon.net">jholmblad@verizon.net</a></span></b></p>
<p class="MsoNormal"><b><span > </span></b></p>
<p class="MsoNormal"><b><span >text email
address: <a class="moz-txt-link-abbreviated" href="mailto:jholmblad@vtext.com">jholmblad@vtext.com</a></span></b></p>
</div>
</div>
</body>
</html>
--------------060907030302080200070500--