[6bone] Is minimum allocation /64 now?

Jørgen Hovland jorgen@hovland.cx
Sat, 25 Oct 2003 19:40:27 +0200 (CEST)


On Sat, 25 Oct 2003, John Holmblad wrote:

> 1. Re NAT
>
> Of course, relying on security through obscurity is bad as a stand-alone
> practice, but, as a part of a defense in depth strategy that includes
> firewalling it does help. Most SOHO router products include, out of
> practical necessity, NAT but also a rudimentary firewall and no one can
> argue that having those devices in place has somehow increased the
> collective security of the Internet as we know it today. For an ISP to
> sell pure NAT as a rock solid security product however, would represent
> a negligent sales practice.
>
>
>
>
> 2. Re /48 vs /64 for the single network port or home
>
> It occurs to me that the more address space that is allocated to a given
> access point to the Internet, the easier it is for a scanner to find it,
> for obvious reasons. In that sense, generosity of address space
> allocation runs against the grain of trying to make the Internet more
> secure.  In fact it would seem desirable to take advantage of the huge
> 128 bit address space enabled by IPv6 to raise the cost for attackers to
> find "points of interest" on the Internet.
> --
>

Hi

I don't see NAT purely as a "security through obscurity" product, but I do
agree.
However, your second comment seems to me to be a solution purely based on a
security through obscurity model.  By hiding the "real" IP addresses in a
scope of billions you are trying to gain better security. Do you think
this is better than NAT?

Joergen Hovland ENK