On Jan 6, 2011, at 9:29 PM, Joe Greco wrote:
> Sorry, but I see this as not grasping a fundamental security concept.
I see it as avoiding a common security misconception.
> Making a host harder to find (or more specifically to address from remote) is a worthwhile goal.
As I've stated repeatedly, I don't think that sparse addressing makes hosts harder to find, because hinted scanning will reveal them.
> Things like 4941 take that a lot further, and provide enough bits to make both range scanning and scanning via learned addresses less useful techniques.
I believe RFC4941 to be positively evil, and that the harm it will do in terms of complicating traceback and attribution far outweighs any supposed benefits (which are questionable anyway, IMHO).
> This is basic security, whether or not you approve of it. You're trying to make it harder for bad guys.
My view is that it's basic security theater, which a) makes nothing harder for the bad guys, and b) has unpleasant side-effects which have the net effect of degrading one's overall security posture.

------------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>

Most software today is very much like an Egyptian pyramid, with millions of bricks piled on top of each other, with no structural integrity, but just done by brute force and thousands of slaves.

-- Alan Kay
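The disagreement above turns on how much a "hinted" scan can narrow the 64-bit interface identifier (IID) of a host in a /64, and on whether RFC 4941 temporary addresses change that. The following is an added example, written for this page and not code from either participant, that makes the sizes concrete: it derives a modified EUI-64 IID from a MAC (RFC 4291 Appendix A), generates an RFC 4941-style temporary IID, applies a simplified version of the classification heuristics scanners use (low-numbered, EUI-64-marked, or otherwise), and computes how many candidates a scanner must try for each assignment style. The prefix 2001:db8:1234:5678::/64 and the MAC 00:1b:21:3c:4d:5e are constructed sample inputs, `candidate_space` is a hypothetical helper with deliberately rough figures, and the classifier is a simplification (it ignores ISATAP, port-embedded and wordy IIDs, for instance).

```python
# Added example: how the size of a hinted IPv6 scan depends on how the
# 64-bit interface identifier (IID) of a /64 was chosen.
import ipaddress
import secrets

# Constructed sample prefix (RFC 3849 documentation space).
PREFIX = ipaddress.IPv6Network("2001:db8:1234:5678::/64")
IID_MASK = (1 << 64) - 1
UL_BIT = 1 << 57  # the u/l bit: bit 6 of the first IID octet (0x02), counted from the LSB


def eui64_iid(mac: str) -> int:
    """Modified EUI-64 IID from a 48-bit MAC (RFC 4291 Appendix A):
    insert ff:fe between the OUI and the device part, flip the u/l bit."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("MAC must be 48 bits")
    eui = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]
    return int.from_bytes(eui, "big")


def temporary_iid() -> int:
    """RFC 4941-style temporary IID: 64 random bits with the u/l bit cleared.
    (RFC 4941 derives them from an MD5 chain; random bits are equivalent here.)"""
    return secrets.randbits(64) & ~UL_BIT


def address(iid: int) -> ipaddress.IPv6Address:
    """Place an IID under the sample prefix."""
    return ipaddress.IPv6Address(int(PREFIX.network_address) | (iid & IID_MASK))


def classify_iid(addr) -> str:
    """Simplified scanner heuristic for where an IID came from."""
    iid = int(ipaddress.IPv6Address(addr)) & IID_MASK
    if iid < (1 << 16):
        return "low"      # ::1, ::2, ... manual or sequential assignment
    if (iid >> 24) & 0xFFFF == 0xFFFE:
        return "eui64"    # ff:fe marker in the middle of the IID
    return "random"       # nothing to hint on; looks like RFC 4941 output


def candidate_space(kind: str, known_ouis: int = 1) -> int:
    """Rough number of IIDs a hinted scanner must try per /64 (hypothetical figures)."""
    if kind == "low":
        return 1 << 16                    # walk ::0 .. ::ffff
    if kind == "eui64":
        return known_ouis * (1 << 24)     # OUI guessed from vendor hints; 24-bit device part unknown
    if kind == "random":
        return 1 << 63                    # every IID except the fixed u/l bit
    raise ValueError(kind)


def scan_years(space: int, probes_per_second: float) -> float:
    """Wall-clock years to exhaust a candidate space at a given probe rate."""
    return space / probes_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    sample_mac = "00:1b:21:3c:4d:5e"  # constructed
    for label, iid in (("eui64", eui64_iid(sample_mac)), ("low", 1), ("temporary", temporary_iid())):
        a = address(iid)
        print(f"{label:9s} {a}  classified as {classify_iid(a)}")
    for kind in ("low", "eui64", "random"):
        print(f"{kind:7s} candidates={candidate_space(kind):.3g}  "
              f"years at 1M pps={scan_years(candidate_space(kind), 1e6):.3g}")
```

The point the numbers make is narrower than either side's claim: a sequential or EUI-64 host in a sparse /64 is reachable with a hinted scan in minutes to hours, which is the concern behind "hinted scanning will reveal them", while an IID with no structure pushes an in-prefix range scan out of reach; whether a scanner then falls back to learned addresses (DNS, logs, neighbor caches) is a separate question that the candidate-space figure does not answer.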