[e2e] 100% NAT - a DoS proof internet

Jon Crowcroft
Tue Feb 14 01:34:02 PST 2006


linear sequential address space scans are old hat - 

but I wasn't proposing an obscurity thing - as per my messages, I was
proposing default OFF from/to everywhere and only ON on a host
pair/time basis.

IPv6 is orthogonal

In missive <43F0C528.70607 at cs.columbia.edu>, "Angelos D. Keromytis" typed:

 >>Jeroen Massar wrote:
 >>> If you want to protect against address scans then move to IPv6 :)
 >>> (though one infected box and they have the local subnet)
 >>Definitely true on the latter, as we point out on a recent paper on 
 >>USENIX ;login: with Steve Bellovin and Bill Cheswick:
 >>Furthermore, the worm can do a scanning of the DNS space and spread 
 >>almost as fast as an IPv4 address-scanning worm. For example, see our 
 >>INFOCOM 2005 paper:



