3 Sep
2010
3 Sep
'10
8:31 p.m.
On 9/3/2010 17:12, Owen DeLong wrote:
I was not attempting to defend security through obscurity. It doesn't ultimately help at all.
However, compared to the network and other resource costs of scanning, even at more than a billion pps, I think there will be more effective vectors of attack that are more likely to be used in IPv6. In IPv4, an exhaustive scan is quite feasible. In IPv6, scanning a single subnet is 4 billion times harder than scanning the entire IPv4 Internet.
My point isn't that hiding hosts in arbitrarily large address space makes them safe. My point is that scanning is not the vector by which they are most likely to get discovered.
Even so, it won't stop the uninitiated from scanning the crap out of IPv6 space. ~Seth