On Jan 5, 2011, at 9:17 PM, Joe Greco wrote:

>>> It has nothing to do with "security by obscurity".
>>
>> You may wish to re-read what Joe was saying - he was positing sparse
>> addressing as a positive good because it will supposedly make it more
>> difficult for attackers to locate endpoints in the first place, i.e.,
>> security through obscurity. I think that's an invalid argument.
>
> That's not necessarily security through obscurity. A client that just
> picks a random(*) address in the /64 and sits on it forever could be
> reasonably argued to be doing a form of security through obscurity.
> However, that's not the only potential use! A client that initiates
> each new outbound connection from a different IP address is doing
> something Really Good.
>

If hosts start cycling their addresses that frequently, don't you run the risk of that becoming a form of DOS on your router's ND tables?

Owen