On Jan 5, 2011, at 9:17 PM, Joe Greco wrote:
It has nothing to do with "security by obscurity".
You may wish to re-read what Joe was saying - he was positing sparse addressing as a positive good because it will supposedly make it more difficult for attackers to locate endpoints in the first place, i.e., security through obscurity. I think that's an invalid argument.
That's not necessarily security through obscurity. A client that just picks a random(*) address in the /64 and sits on it forever could be reasonably argued to be doing a form of security through obscurity. However, that's not the only potential use! A client that initiates each new outbound connection from a different IP address is doing something Really Good.
If hosts start cycling their addresses that frequently, don't you run the risk of that becoming a form of DOS on your router's ND tables?

Owen