On Jan 6, 2011, at 3:32 PM, Dobbins, Roland wrote:
On Jan 7, 2011, at 1:20 AM, Owen DeLong wrote:
You are mistaken... Host scanning followed by port sweeps is a very common threat and still widely practiced in IPv4.
I know it's common and widely-practiced. My point is that if the host is security properly, this doesn't matter; and that if it isn't secured properly, it's going to be found via hinted scanning and exploited, anyways.
True, but, that doesn't really matter. Sparse addressing still provides other useful benefits.
And there are ways to mitigate ND attacks as well.
As has been pointed out elsewhere in this thread, not to the degree of control and certainty needed in production environments.
We can agree to disagree here until I see a production environment get taken down by a scan. So far, we've not had a problem with any of the IPv6 scans through our network. All have given up in <8 hours without having caused any sort of ND table overflow issues.
Sparse addressing is a win for much more than just rendering scanning useless, but, making scanning useless is still a win.
Since it doesn't make scanning useless (again, hinted scanning), that 'win' is gone. How else is it supposedly a win?
Not having to worry about room to grow without renumbering is a good thing. I've posted other advantages in an earlier message. It does make sequential scanning useless and it does make even hinted scanning a bit more difficult or less effective. Think of the difference between playing battleship as it is traditionally played on a simple X, Y grid vs. playing it on a playing field where the ships have 180 different possible orientations (1 per degree instead of 0º and 90º only) Once you get a hit, you need a maximum of 4 additional attempts to identify the orientation of the ship and 50%+ of the time you can get it in ≤2 additional attempts. With a 360º board, this becomes quite a bit more difficult. Sparse addressing does this even against hinted scanning. Owen