North American Network Operators Group


RE: no ip forged-source-address

  • From: Tony Hain
  • Date: Wed Oct 30 18:21:37 2002

Petri Helenius wrote:
> 
> > decides to attack, it would use some neighbor's IP.  The subnet I am
> > on is a /24 and there very well may be a few dozen hosts.  I could be
> > real sneaky and alter my IP randomly to be any of my neighbors for
> > every packet I send out.
> >
> This gets a lot sneakier when you got your /64 on the subnet. Specially
> if people start to build significantly larger subnets by default.

Just stop. This nonsense about spoofing is easier because the IPv6
address space is bigger is bogus and wasting everyone's time. When each
customer is assigned a unique /48-/64 they are traceable to the
accountable entity no matter what low order bits they use. If they are
assigned something longer than a /64, they are likely to keep using
tunneling technologies like 6to4 until they can dump the provider that
is cluelessly hoarding a resource that is not scarce. 

Tony
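
An added example, not part of the original post: a sketch of per-customer prefix attribution and ingress filtering, showing that a source address with randomized low-order bits still maps to the delegated /48-/64. The assignment table, port names and customer names are constructed for illustration, and the addresses use the 2001:db8::/32 documentation prefix.

```python
import ipaddress
import random

# Constructed assignment table: access port -> (customer, delegated prefix).
# All names are hypothetical; prefixes are from the documentation range.
ASSIGNMENTS = {
    "port-1": ("customer-a", ipaddress.ip_network("2001:db8:a::/48")),
    "port-2": ("customer-b", ipaddress.ip_network("2001:db8:b:100::/56")),
    "port-3": ("customer-c", ipaddress.ip_network("2001:db8:c:1::/64")),
}

def attribute(src):
    """Return the customer whose delegation covers src (longest match), or None."""
    addr = ipaddress.ip_address(src)
    matches = [(net.prefixlen, name)
               for name, net in ASSIGNMENTS.values() if addr in net]
    return max(matches)[1] if matches else None

def ingress_check(port, src):
    """Filter decision for a packet arriving on a customer-facing port."""
    name, net = ASSIGNMENTS[port]
    if ipaddress.ip_address(src) in net:
        return ("accept", name)
    # Source lies outside the delegation: drop it. The packet is still
    # tied to the customer on this port, whatever address it claimed.
    return ("drop", name)

def random_host_in(net, rng):
    """Pick an address inside net with random low-order bits."""
    return net[rng.randrange(net.num_addresses)]

def demo(seed=1, packets=1000):
    """Send packets with random in-prefix sources from every port and
    collect the distinct (sender, attributed customer, decision) outcomes."""
    rng = random.Random(seed)
    outcomes = set()
    for port, (name, net) in ASSIGNMENTS.items():
        for _ in range(packets):
            src = random_host_in(net, rng)
            outcomes.add((name, attribute(src), ingress_check(port, src)[0]))
    return outcomes

if __name__ == "__main__":
    for outcome in sorted(demo()):
        print(outcome)
    print(ingress_check("port-3", "2001:db8:a::1"))
```

Every randomized source inside a delegation is accepted and attributed to the same customer; only an address outside the port's prefix is dropped.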