[6bone] Is minimum allocation /64 now?

Frederick Bruckman fredb@immanent.net
Sat, 25 Oct 2003 13:25:27 -0500 (CDT)

Previous message: [6bone] Is minimum allocation /64 now?
Next message: [6bone] Is minimum allocation /64 now?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 25 Oct 2003, John Holmblad wrote:

> 2. Re /48 vs /64 for the single network port or home
>
> It occurs to me that the more address space that is allocated to a given
> access point to the Internet, the easier it is for a scanner to find it,
> for obvious reasons. In that sense, generosity of address space
> allocation runs against the grain of trying to make the Internet more
> secure.  In fact it  would seem desirable to take advantage of the huge
> 128 bit address space enabled by IPv6 to raise the cost for attackers to
> find "points of interest" on the Internet.

Sorry, but it's not obvious to me at all. Given that I know an ISP's
/32, which is public knowledge, how do I find the unique host/network
addresses with valid hosts? Even assuming that a lot of folks will use
the ::1 host part for misguided security considerations, I've still
potentially got a lot of guessing to do to find the valid networks.
Now, supposing that the structure of the ISP's networks is either
apparent from a few stray hits, or published, it would still seem to
make the attacker's job harder if the networks are sparsely allocated.

Frederick

Previous message: [6bone] Is minimum allocation /64 now?
Next message: [6bone] Is minimum allocation /64 now?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]