On Tue, Jan 22, 2013 at 6:12 PM, Dave Taht <[email protected]> wrote: > My own objection to ::1 is that provides both an easy mneumonic for people > to manage their networks AND an easier vector for attacks from the outside > world. > > J.random.badscript only has to ping ::1 on every subnet in your delegation > to try and hit all the routers.
True, although I think that's pretty much unavoidable given the design of ipv6 though (isn't ::1 always the router for the subnet)? You could always honeypot or Turing pit the other 2^16-(n) subnets if you're really paranoid about someone finding your router without a valid IPv6 address to start guessing with. The source code also seems to support using dhcp-range=::,constructor=*,ra-names,ra-stateless (etc.). I'm not sure what dropping the "1" does, exactly, not having perfect ipv6-foo skills yet. Chris _______________________________________________ Cerowrt-devel mailing list [email protected] https://lists.bufferbloat.net/listinfo/cerowrt-devel
