[6bone] Is minimum allocation /64 now?
Frederick Bruckman
fredb@immanent.net
Sat, 25 Oct 2003 13:25:27 -0500 (CDT)
On Sat, 25 Oct 2003, John Holmblad wrote:
> 2. Re /48 vs /64 for the single network port or home
>
> It occurs to me that the more address space that is allocated to a given
> access point to the Internet, the easier it is for a scanner to find it,
> for obvious reasons. In that sense, generosity of address space
> allocation runs against the grain of trying to make the Internet more
> secure. In fact it would seem desirable to take advantage of the huge
> 128-bit address space enabled by IPv6 to raise the cost for attackers to
> find "points of interest" on the Internet.
Sorry, but it's not obvious to me at all. Given that I know an ISP's
/32, which is public knowledge, how do I find the unique host/network
addresses with valid hosts? Even assuming that a lot of folks will use
the ::1 host part for misguided security considerations, I've still
potentially got a lot of guessing to do to find the valid networks.
Now, supposing that the structure of the ISP's networks is either
apparent from a few stray hits, or published, it would still seem to
make the attacker's job harder if the networks are sparsely allocated.
Frederick
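
The search-space argument in this exchange, worked through as an added example (not part of the original message). The 50,000 single-host customers, the uniform-guessing model, the probe rate and the documentation prefix 2001:db8::/32 standing in for the ISP's /32 are all assumptions.

```python
import ipaddress
from fractions import Fraction

# Constructed input: the IPv6 documentation prefix stands in for an ISP's /32.
ISP = ipaddress.ip_network("2001:db8::/32")
LIVE = 50_000  # assumed number of customers, one reachable host each

def expected_probes(isp, unknown_upto, live):
    """Mean guesses until the first live address is hit.

    Bits from the ISP prefix length up to `unknown_upto` are unknown to the
    scanner; every bit after that is assumed guessable (subnet 0, host ::1).
    Uniform guessing without replacement over M slots with k live targets
    needs (M + 1) / (k + 1) guesses on average.
    """
    if not isp.prefixlen <= unknown_upto <= 128:
        raise ValueError("unknown_upto must lie between the ISP prefix and 128")
    slots = 2 ** (unknown_upto - isp.prefixlen)
    if not 0 < live <= slots:
        raise ValueError("live targets must fit in the search space")
    return Fraction(slots + 1, live + 1)

def years_to_first_hit(probes, probes_per_second):
    """Wall-clock years for `probes` guesses at a fixed rate."""
    return float(probes) / probes_per_second / (365 * 24 * 3600)

SCENARIOS = [
    # (description, last unknown bit)
    ("structure known: one /48 each, subnet 0, host ::1", 48),
    ("/64s scattered sparsely in the /32, host ::1", 64),
    ("sparse /64s and unpredictable interface IDs", 128),
]

def report(rate=1_000_000):
    """Return (description, mean probes, years at `rate`) per scenario."""
    rows = []
    for name, upto in SCENARIOS:
        probes = expected_probes(ISP, upto, LIVE)
        rows.append((name, float(probes), years_to_first_hit(probes, rate)))
    return rows

if __name__ == "__main__":
    for name, probes, years in report():
        print(f"{name:52s} {probes:12.4g} probes  {years:10.3g} years")
```

With the customer count held fixed, the cost per hit depends on how many prefix and host bits the scanner cannot predict, which is why sparse allocation and non-guessable host parts dominate the result.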