[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)


On Thu, Mar 01, 2018 at 09:30:32PM -0500, Harald Koch wrote:
> On 1 March 2018 at 18:48, Mark Andrews <marka at isc.org> wrote:
> > ULA provide stable internal addresses which survive changing ISP
> > for the average home user.
> Yeah this is pretty much what I'm doing. ULA for stable, internal addresses
> that I can put into the (internal) DNS: ISP prefixes for global routing.
> Renumbering is hard.

as is proper (source|destination) address selection in a sufficiently complex environment.
for interest: for a system which must be both globally and internally reachable, which address do you put into which DNS?

> All of the objections I've seen to ULA are actually objections to (IPv6)
> NAT, which is why I was confused.

the main objection against ULAs is avoidance of complexity in environments where at least some systems need global reach(ability), which applies to pretty much all environments nowadays.



> (As it turns out my ISP prefix has been static for years, but I'm too lazy
> to undo all of the work...)
> -- 
> Harald

Enno Rey

ERNW GmbH - Carl-Bosch-Str. 4 - 69115 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902 

Handelsregister Mannheim: HRB 337135
Geschaeftsfuehrer: Matthias Luft, Enno Rey

Blog: www.insinuator.net || Conference: www.troopers.de
Twitter: @Enno_Insinuator