nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: using "reserved" IPv6 space

From: Jimmy Hess <mysidia () gmail com>
Date: Sat, 14 Jul 2012 17:37:37 -0500
On 7/14/12, valdis.kletnieks () vt edu <valdis.kletnieks () vt edu> wrote:
[snip]

The fact that your prefix is a Secret Sauce that isn't known to the rest of
the world won't matter much to an attacker.  One 'ifconfig' on whatever
beachhead machine the attacker has inside your net, and it's not Secret
Sauce anymore, it's just another bottle of Thousand Island dressing...


The good news is one  'ifconfig'  just tells them  what   network
address you're in.
Unless the attacker can gain access to your host's  NDP table or ARP
table,  they can't see what IPs are in use.

You're  Global or whatever /64   has   ~18446744073709551615
possible IP addresses.

If you want your addressing assignments to be "obscure",
generate a  random  interface ID,  and use that to assign your IPv6
addresses within your public /64,  or just use stateless autoconfig.



--
-JH
Previous By Date Next
Previous By Thread Next

Current thread: