On 11/13/14, 1:44 PM, Ted Lemon wrote:
On Nov 13, 2014, at 11:35 AM, Michael Thomas <[email protected]> wrote:
Why guess when you can break into $MEGACORP and steal their server logs? If
there's
anything that the Snowden/NSA bizness should teach us is that brute force is
not the
only other option.
Different threat models demand different solutions. I doubt that the NSA is
going to try to brute-force everybody's DNS tree, for the simple reason that if
they did so, it would be obvious and would look like a DoS attack. They
certainly are not going to exhaustively probe everyone's address space. But
yes, they will be able to notice any device that ever communicates to the
internet and transits a network location they are monitoring. This isn't the
risk model I'm talking about in the case of address probing.
"They" of course is not limited to the NSA or even nation-state actors.
That said, I really do wonder -- given how trivial it is with v6 to get
a GUA, -- how easy it is
to keep things within, say, the home that we don't want to accidentally
leaking out onto
the internet from doing so[*]. My guess: hard.
Mike
[*] especially since they have a lot of motivation to call the
mothership from their manufacturers, etc
_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet