On 2010-08-27 11:10, Dave CROCKER wrote:
>
>
> On 8/26/2010 2:27 PM, Brian E Carpenter wrote:
>> Apart from that, it's scare-mongering. Consider that
>> the basic model for IPv6 is not fundamentally different than IPv4;
>> why would the underlying security vulnerabilities be fundamentally
>> different?
>
>
> well, just to give that question its due, interesting changes in details
> can sometimes produce interesting changes in the behavior of a model and
> therefore of its implications.
>
> in this case, the vastly larger address space of IPv6 permits attackers
> to switch to new addresses at a rate that was not possible with IPv4.
> this is likely to defeat the substantial infrastructure of
> attack-tracking that is address-based, such as for anti-spam.
True, but the same property means that scanning attacks are infeasible
against IPv6 subnets. Attack tracking based on subnets may work
fine, though. Swings and roundabouts.
Anyway - nobody is saying that there are no security issues with IPv6.
Brian
_______________________________________________
Ietf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf
