Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


RE: Katrina Network Damage Report

  • From: Joel Jaeggli
  • Date: Mon Sep 12 13:25:20 2005

On Mon, 12 Sep 2005, Howard, W. Lee wrote:

Maybe I missed an intermediate post or two, but is the assertion
here that IPv6 is more secure because it's impractical to scan such
a large number of possible host IP addresses?  Sort of like zebra
camouflage--it's easy to see the herd, but hard to see a single
zebra.

I didn't assert that it was more secure, rather that scanning as it works now, to collect the IPs of exploitable embedded or other devices, is infeasible.

Miscreants will of course look for other ways if they can't feasibly scan. The IETF is full of resource discovery mechanism work and there's no reason to expect that those selfsame mechanisms wouldn't be subverted to other ends. There's no point in connecting a device to the internet if you can't find it or manage it.

As my firewall logs would testify though, host discovery through probing is one of the low hanging fruit.

There may be other ways to find a host address than random botting.
Phishing, perhaps.

I suppose the relative security question becomes, "Which is more
secure: address translation or sparseness?"  I've heard people say
that NAT provides no security, but dynamic assignment (from the
Internet's point of view) of an address for only the duration of
a session means you can't target a specific host, and have to have
some access already to hijack a session.

I'm not saying NAT is sufficient security, but it can be part of
a good plan.  Obscurity isn't sufficient security, but I'm not
publishing my network map.

Lee




--
--------------------------------------------------------------------------
Joel Jaeggli  	       Unix Consulting 	       joelja@darkwing.uoregon.edu
GPG Key Fingerprint:     5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2




