[ipv6hackers] RA guard evasion

Marco Ermini marco.ermini at gmail.com
Wed May 15 15:05:31 CEST 2013


On 15 May 2013 01:13, Felix 'FX' Lindner wrote:

> [...]
> that's what I'm advocating: The option to make it slow-but-secure.
> There are environments and customers who want this.


Well, maybe there are, but are so few that you won't get too much of a
customer base to even think about engineering something similar.

At the level of the switch/router vendor, it implies changing simply
completely the business strategy. When you start your "IPv6 switch project"
you have to think e.g. if to use an ASIC or an FPGA, just to name some of
the many decisions that have to be taken, and consequently the skills of
the engineers to employ, the supply chain etc. - it is not as easy as
"giving a secondary speed" option, the vendor has to enter a  completely
different market segment...

I would think instead much more probable that something that is able to do
such reassembling is more probable from some firewall/IPS/NGFW or SDN
vendor. They are much better positioned for that.


Cheers
-- 
Marco Ermini
root at human # mount -t life -o ro /dev/dna /genetic/research
http://www.linkedin.com/in/marcoermini
"Jesus saves... but Buddha makes incremental back-ups!"



More information about the Ipv6hackers mailing list