Re: Address Scanning Document comments

[Tim Chown <tjc@ecs.soton.ac.uk>]

On Wed, Mar 22, 2006 at 10:35:27PM -0600, Fred Baker wrote:
> If I may give you a healthy caution...
> 
> ...
> 
> Don't tell me how hard it will be to attack IPv6 using IPv4  
> techniques, or how IPv6 is more vulnerable if IPv4 is running in the  
> same machine. Tell me how attackers will attack an IPv6 network, and  
> how to defend against them. Make no mistake: they will.

Good points, and I agree.  It is harder for 'worms' to propogate between 
IPv6 subnets, but still possible.  It is less likely to be by current 
typical ping sweeps.

If there's time today, lets see
a) if the WG thinks this doc should be pushed forward
b) what the tone/conclusion of the doc should be (it currently lacks
   a conclusion)

Bellovin's paper says that understanding what attackers may do is still
work in progress.   I think Section 3 can expand on these sources, and
offer some advice on what attack vectors we may see.   Thus I feel the
document can highlight practical steps an administrator can take (and 
steps they should not).   But of course the doc should not claim any
magic invulnerability.

Tim