On Jan 6, 2011, at 3:32 PM, Dobbins, Roland wrote:

>
> On Jan 7, 2011, at 1:20 AM, Owen DeLong wrote:
>
>> You are mistaken... Host scanning followed by port sweeps is a very common
>> threat and still widely practiced in IPv4.
>
> I know it's common and widely-practiced. My point is that if the host is
> secured properly, this doesn't matter; and that if it isn't secured
> properly, it's going to be found via hinted scanning and exploited, anyways.
>
True, but, that doesn't really matter. Sparse addressing still provides other
useful benefits.

>> And there are ways to mitigate ND attacks as well.
>
> As has been pointed out elsewhere in this thread, not to the degree of
> control and certainty needed in production environments.
>
We can agree to disagree here until I see a production environment get
taken down by a scan. So far, we've not had a problem with any of the IPv6
scans through our network. All have given up in <8 hours without having
caused any sort of ND table overflow issues.

>> Sparse addressing is a win for much more than just rendering scanning
>> useless, but, making scanning useless is still a win.
>
>
> Since it doesn't make scanning useless (again, hinted scanning), that 'win'
> is gone. How else is it supposedly a win?
>
Not having to worry about room to grow without renumbering is a good thing.
I've posted other advantages in an earlier message.

It does make sequential scanning useless and it does make even hinted
scanning a bit more difficult or less effective.

Think of the difference between playing battleship as it is traditionally
played on a simple X, Y grid vs. playing it on a playing field where the
ships have 180 different possible orientations (1 per degree instead of 0º
and 90º only).

Once you get a hit, you need a maximum of 4 additional attempts to identify
the orientation of the ship and 50%+ of the time you can get it in ≤2
additional attempts. With a 360º board, this becomes quite a bit more
difficult.

Sparse addressing does this even against hinted scanning.

Owen