[ipv6hackers] Pros and Cons of Address Randomization

Jim Small jim.small at cdw.com
Sun Dec 2 19:33:11 CET 2012


Hi Owen,

Curious on this one:

> > Maybe this is an enterprise bias but my experience has been that
> > loopbacks (at least with IPv4) are numbered sequentially with predictable
> > patterns for ease of use.  These can be protected with ACLs/firewalls.  I
> > would like to do something similar for IPv6.  Maybe this is legacy thinking but
> > I would dread giving this up and completely depending on DNS.  What about
> > outages where you're using an Out Of Band network and DNS is
> > down/unavailable?  This one would be hard for me...
> >
> You certainly can do something similar for IPv6 and I would actually generally
> advocate doing so. I just wouldn't start from ::1 in most cases.

So where would you start at?  ::1001?  It's not that you memorize addresses - I agree that's silly.  However, when you use tools, simple patterned numbers make life easier.  Granted you can have lists of addresses to march through but it's the little things...  Especially when you're doing something to 100s of routers/switches - spot checking patterned numbers is a little easier than randomized addresses.  Maybe I'm just a little lazy.  :-)

--Jim
