On Tue, 25 Jan 2011 16:32:59 -0500 "Ricky Beam" <jfbeam@gmail.com> wrote:
On Tue, 25 Jan 2011 13:42:29 -0500, Owen DeLong <owen@delong.com> wrote:
Seriously? Repetitively sweeping a /64? Let's do the math... ...
We've had this discussion before...
If the site is using SLAAC, then that 64-bit target is effectively 48 bits. And I can make a reasonable guess at 24 of those bits (esp. if I've seen the address of even one of the machines).
All you're really pointing out is that "security" is a relative term. A lot of these threads devolve into a waste of time because they're discussing the pros and cons of a single, possible security mechanism without considering it in context ("possible" because if it ends up having no or very little security value it isn't really a "security mechanism" at all).

The value of a security mechanism can only be judged in the context of both what threats it mitigates and whether those threats are ones that are common and likely in the context it might be used in. Security is a weakest-link problem, so the first thing that needs to be done is to identify the weakest links, before worrying about how to fix them.

So what threat are people trying to prevent? Address scanning is only a means to an end - so what is the "end"? Only once that is defined can it be worked out whether address scanning is a likely method attackers will use, and whether preventing address scanning is then an effective mitigation.

Regards,
Mark.
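To make the SLAAC point quoted above concrete, here is an added example (not code from either poster) that builds a modified EUI-64 interface identifier from a MAC and, going the other way, audits a list of addresses for identifiers that embed a MAC; only 48 of the 64 identifier bits are derived from the MAC, and the top 24 of those are the vendor OUI. The MAC, prefix and address list are constructed sample values in the 2001:db8::/32 documentation range.

```python
import ipaddress

def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A):
    split the 48-bit MAC, insert 0xff 0xfe in the middle, flip the U/L bit."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02  # invert the universal/local bit
    return bytes(iid)

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a SLAAC host without privacy extensions would form on a /64."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def embedded_mac(addr: str):
    """If the interface identifier looks like modified EUI-64, return
    (mac, oui); otherwise None. The 0xfffe marker is a heuristic: a random
    identifier matches it by chance about once in 65536."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytearray(iid[:3] + iid[5:])
    raw[0] ^= 0x02  # undo the U/L bit flip
    mac = ":".join(f"{b:02x}" for b in raw)
    return mac, mac[:8]

def audit(addresses):
    """Map each address to the OUI it leaks, or None if the identifier is
    not EUI-64 (e.g. RFC 4941 temporary or RFC 7217 stable-privacy IIDs)."""
    return {a: (r[1] if (r := embedded_mac(a)) else None) for a in addresses}

# Constructed sample: one EUI-64 host and one privacy-extension host.
SAMPLE_ADDRESSES = [
    str(slaac_address("2001:db8:1:2::/64", "00:1b:21:0a:1b:2c")),
    "2001:db8:1:2:3c4e:9a1d:77b0:e5f2",
]

if __name__ == "__main__":
    for addr, oui in audit(SAMPLE_ADDRESSES).items():
        print(addr, "-> EUI-64, OUI " + oui if oui else "-> not EUI-64")
```

Hosts reported with an OUI are the ones whose identifiers are guessable from a single observed address; moving them to RFC 4941 or RFC 7217 identifiers restores the full 64 bits.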