Hi ! To all contributors to this wonderful IPv6 day, juste a short notice : please avoid SLAAC adresses on your public servers ! First, in case of an hardware crash, the recovery will be done under presure and most will forget about forcing the new server's mac adress to the old one, wich will delay the recovery Second, it's beeing a little too transparent as the MAC adress may reveal the server's manufacturer, approximate manufacturing tdate, or the network controler model. Some may use it as a clue to design a proper exploit... Just a nightly thought while monitoring seen IPv6 adresses ;) -- Jérôme Nicolle
----- Original Message -----
From: "Jérôme Nicolle" <jerome@ceriz.fr>
Second, it's beeing a little too transparent as the MAC adress may reveal the server's manufacturer, approximate manufacturing tdate, or the network controler model. Some may use it as a clue to design a proper exploit...
Security by obscurity isn't *bad*, it's just one small component of a Defense in Depth, still worth using if you can. Necessary, but not sufficient. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
participants (2)
-
Jay Ashworth
-
Jérôme Nicolle