[6bone] Is minimum allocation /64 now?

Antonio Querubin tony@lava.net
Sat, 25 Oct 2003 20:50:14 -1000 (HST)


On Sat, 25 Oct 2003, John Holmblad wrote:

> 2. Re /48 vs /64 for the single network port or home
>
> It occurs to me that the more address space that is allocated to a given
> access point to the Internet, the easier it is for a scanner to find it,
> for obvious reasons. In that sense, generosity of address space
> allocation runs against the grain of trying to make the Internet more
> secure.  In fact it would seem desirable to take advantage of the huge
> 128-bit address space enabled by IPv6 to raise the cost for attackers to
> find "points of interest" on the Internet.

Though a scanner may find the subnet, to mount a real attack that might
actually accomplish something would require scanning the entire prefix for
actual targets.  That takes time.  If you were a cracker, would you spend
time scanning a densely populated small network or a sparsely populated
large network?  I'd suspect that with IPv6, the dispersion of targets into
a much larger address space makes things a little more difficult for
crackers.  The theoretical bottom line is that you'll have a harder time
targeting what you haven't yet found.