Re: NIST IPv6 document

[Jack Bates <jbates () brightok net>]

On 1/6/2011 10:28 AM, Valdis.Kletnieks () vt edu wrote:
> And the "ZOMG they can overflow the ARP/ND/whatever table" is a total red
> herring - you know damned well that if a script kiddie with a 10K node botnet
> wants to hose down your network, you're going to be looking at a DDoS, and it
> really doesn't matter whether it's SYN packets, or ND traffic, or forged ICMP
> echo-reply mobygrams.

My personal concern is not the intentional DDoS, but the idiotic side 
effects of unintentional idiocy. Nachi was nicer than Blaster to the 
host, but it unintentionally DDoS'd many networks that couldn't handle 
the load.

How many morons will scan a /64 out of curiosity? Even if they get bored 
after 1-2 hours, the effects of such a scan on the ND table could be 
catastrophic in the protocol's default behavior.

How many virus writers will utilize a hinted scan technique, which could 
still end up scanning thousands of v6 addresses per /64 and following 
consecutive /64s which likely are handled by the same router?

It is not the intentional that we should fear, but the unintentional.


Jack