Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-02 Thread John Levine
In article you write: >What can you do with ULA that GUA isn’t suitable for? I have a home network with two segments, one wired and one wireless. It has IPv6 addresses assigned by my ISP, Spectrum nee TWC, which probably won't change but who

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-02 Thread Matt Erculiani
Not sure if this is the common thought, but if anyone has a network which requires static IP assignments, they can probably justify a request for a /48 from an RIR. After all, ARIN's requirement for an end-user IPv6 block is, at minimum: "Justify why IPv6 addresses from an ISP or other LIR are

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-02 Thread Owen DeLong
> On Mar 2, 2018, at 19:25, Bjørn Mork wrote: > > Owen DeLong writes: > >>> On Mar 2, 2018, at 3:17 AM, Bjørn Mork wrote: >>> >>> Owen DeLong writes: >>> What can you do with ULA that GUA isn’t suitable for? >>> >>> 1)

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-02 Thread Bjørn Mork
Owen DeLong writes: >> On Mar 2, 2018, at 3:17 AM, Bjørn Mork wrote: >> >> Owen DeLong writes: >> >>> What can you do with ULA that GUA isn’t suitable for? >> >> 1) get >> 2) keep >> 3) move > > Wrong. > > 1) get > Easy as going to

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-02 Thread Owen DeLong
> On Mar 2, 2018, at 3:17 AM, Bjørn Mork wrote: > > Owen DeLong writes: > >> What can you do with ULA that GUA isn’t suitable for? > > 1) get > 2) keep > 3) move Wrong. 1) get Easy as going to http://tunnelbroker.net and

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-02 Thread Owen DeLong
For that matter, if we can kill IPv4, we have plenty of headroom for a LOT of IPv6 PI space. Owen > On Mar 1, 2018, at 4:48 PM, Matt Erculiani wrote: > > Not sure if this is the common thought, but if anyone has a network > which requires static IP assignments, they can

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-02 Thread Owen DeLong
> On Mar 1, 2018, at 5:30 PM, Mark Andrews wrote: > > >> On 2 Mar 2018, at 11:48 am, Matt Erculiani wrote: >> >> Not sure if this is the common thought, but if anyone has a network >> which requires static IP assignments, they can probably justify a >>

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-02 Thread Owen DeLong
> On Mar 1, 2018, at 6:30 PM, Harald Koch wrote: > > On 1 March 2018 at 18:48, Mark Andrews wrote: > >> ULA provide stable internal addresses which survive changing ISP >> for the average home user. > > > Yeah this is pretty much what I'm doing. ULA for

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-02 Thread Owen DeLong
> On Mar 2, 2018, at 1:50 AM, Saku Ytti wrote: > > Enno et al ULA fans > > I could not agree more. > > Either you provide your enterprise customers transportable address or > ULA. If you assign and promote them to use your 'PA' address, they > will take your PA address with them

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-02 Thread Bjørn Mork
Owen DeLong writes: > What can you do with ULA that GUA isn’t suitable for? 1) get 2) keep 3) move Granted, many of us can do that with GUAs too. But with ULA those features are avaible to everyone everywhere. Which is useful for a number of applications where you care

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-02 Thread Saku Ytti
Enno et al ULA fans I could not agree more. Either you provide your enterprise customers transportable address or ULA. If you assign and promote them to use your 'PA' address, they will take your PA address with them when they change operator 10 years from now, and if you reuse it, these two

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-02 Thread Enno Rey
Hi, On Thu, Mar 01, 2018 at 09:30:32PM -0500, Harald Koch wrote: > On 1 March 2018 at 18:48, Mark Andrews wrote: > > > ULA provide stable internal addresses which survive changing ISP > > for the average home user. > > > Yeah this is pretty much what I'm doing. ULA for stable,

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-01 Thread Harald Koch
On 1 March 2018 at 18:48, Mark Andrews wrote: > ULA provide stable internal addresses which survive changing ISP > for the average home user. Yeah this is pretty much what I'm doing. ULA for stable, internal addresses that I can put into the (internal) DNS: ISP prefixes for

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-01 Thread Mark Andrews
> On 2 Mar 2018, at 11:48 am, Matt Erculiani wrote: > > Not sure if this is the common thought, but if anyone has a network > which requires static IP assignments, they can probably justify a > request for a /48 from an RIR. After all, ARIN's requirement for an > end-user

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-01 Thread Mark Andrews
> On 2 Mar 2018, at 9:28 am, Owen DeLong wrote: > > >> On Mar 1, 2018, at 1:20 PM, Harald Koch wrote: >> >> On 1 March 2018 at 15:18, Owen DeLong > > wrote: >> Second, RFC-1918 doesn’t apply to IPv6 at all, and

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-01 Thread Owen DeLong
> On Mar 1, 2018, at 1:20 PM, Harald Koch wrote: > > On 1 March 2018 at 15:18, Owen DeLong > wrote: > Second, RFC-1918 doesn’t apply to IPv6 at all, and (fortunately) hardly anyone > uses ULA (the IPv6 analogue to RFC-1918). > > Wait.

IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-01 Thread Harald Koch
On 1 March 2018 at 15:18, Owen DeLong wrote: > Second, RFC-1918 doesn’t apply to IPv6 at all, and (fortunately) hardly > anyone > uses ULA (the IPv6 analogue to RFC-1918). > Wait. What's the objection to ULA? Is it just that NAT is bad, or is there something new? -- Harald