On Jan 6, 2011, at 10:42 AM, George Bonser wrote:
It will be a problem if people learn they can DoS routers by doing it by maxing out the neighbor table.
I understand this - that's a completely separate issue from the supposed benefits of sparse addressing for endpoint host security.
I don't think you are understanding the problem.
I've understood the problem for years, thanks, and have commented on it in other portions of this thread, as well as in may earlier threads around this general set of issues - and it's completely orthogonal to this particular discussion. Or are you saying that you think that the miscreants will simply and contritely abandon host-/port-scanning as a) a host-discovery mechanism and b) as a DoS mechanism if everyone magically adopts sparse addressing? Somehow, I don't think that's very likely. ;> Also, see my previous comments in re the negative implications of hinted scanning.
It has nothing to do with "security by obscurity".
You may wish to re-read what Joe was saying - he was positing sparse addressing as a positive good because it will supposedly make it more difficult for attackers to locate endpoints in the first place, i.e., security through obscurity. I think that's an invalid argument. ------------------------------------------------------------------------ Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com> Most software today is very much like an Egyptian pyramid, with millions of bricks piled on top of each other, with no structural integrity, but just done by brute force and thousands of slaves. -- Alan Kay