[AusNOG] IPv4 Exhaustion, APNIC EC, and James is a nice bloke ;-)

Bevan Slattery Bevan.Slattery at staff.pipenetworks.com
Tue Jul 22 22:53:44 EST 2008


Narelle, 

> [mailto:ausnog-bounces at ausnog.net] On Behalf Of Narelle
> > > Yes, but NAT is far better than everything in your house being 
> > > globally addressable - by anybody !
> 
> This is a furphy.
> 
> Run the numbers.

> Try doing a port scan over available addresses in a 128 bit 
> address space. Takes eons. You've just multiplied security by 
> obscurity by 2^56, given the default subnet size differences 
> (2^8 vs 2^64).

That logic actually breaks my head.  So the ideology of IPv6 is to solve
a resource allocation issue which, in fact, has partly been brought about
by poor allocation practices in the past.  However by your assertion,
part of the attractiveness of IPv6 is the potential 'security' benefits
by having a larger 'pool' and can be further heightened by enforcing a
practice of inefficient and dare I say irresponsible allocation of this
new resource on an almost near random basis without respect or reference
to any allocation best practice.  The irony is, under your proposed
model the more efficient we become in allocating this resource (or even
more structured) then the greater the security risk.

> So maybe we'll have valid IP addresses passed around like 
> valid credit card numbers today. [Maybe they'll be the same 
> thing someday.]

We already have it.  It's called IPX.

> Sure, they can find the routers faster. So they'll target 
> routers and servers instead. So we get back to securing the 
> things we should be securing properly...

Being so reckless as to encourage users (and providers) to establish an
IP numbering scheme for their home (yet public) network that resembled
anything meaningful in the name of 'security' is fundamentally flawed.

> I can conceive of <insert patent request here> a device that 
> pops up with a message: "Oh, you seem to have added a device 
> to your home LAN today, what security settings would you 
> like? <menu of options presented>"

That's been done before too:  http://www.youtube.com/watch?v=VuqZ8AqmLPY


> it's called progress and innovation. Mind if we have some???

Movement [in the wrong direction] is not progress.  Moving forward is...

[b]


