
Re: draft-vandevelde-v6ops-nap-01.txt - "maybe add a bit more on proxy servers ..."



Mark Smith wrote:
Specific topology hiding mechanisms such as NAT or proxies aren't that
useful in IPv6, as, due to the size of the IPv6 address space, topology
discovery techniques such as "sweep pings" become impractical. Tony Hain
pointed this out a while back on the IPv6 mailing list. For example,
(and I've explored this a bit more at
http://www.circleid.com/article.php?id=805_0_1_0_C/ ), assuming the
ability to sweep ping 100 IPv6 addresses per second on a /64, and
assuming a hit within the first 50%, it would take 2 924 712 086.77
years to find a single host. Of course, the odds go up with more hosts,
however, the time to sweep ping would still be impractical.

This might be true in theory, but in practice it is usually not. In my experience you can scan the first 20 IP addresses in a subnet and you are likely to get at least 5 to 10 hits. This is not inherent in the protocol, but tends to be part of human nature. Network admins tend (in an enterprise setting) to like to number things sequentially, as it makes it easier for them to maintain the address pool and to monitor hardware. So unless they work 100% with DHCP and it is set to random, there will be many fixed devices (printers, application servers, etc.) that reside in those first 20 addresses.


It is like cash machine PIN numbers: people tend to make things easier for themselves. So if you know the person, you can usually guess the PIN from their birthday or that of someone they care about.

In general, people will be lazy and do what is easiest for them.

Eric
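
An added example, not part of the original thread: a short Python audit that reproduces the sweep-time arithmetic quoted above and checks an address inventory for the sequential, low-numbered interface identifiers described in the reply. The inventory is constructed from the 2001:db8::/32 documentation prefix, and the function names and the `low_limit` threshold are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

SECONDS_PER_YEAR = 365 * 24 * 3600

def sweep_years(prefix_len=64, probes_per_sec=100, fraction=0.5):
    """Years needed to probe `fraction` of a prefix at a fixed probe rate."""
    space = 2 ** (128 - prefix_len)
    return space * fraction / probes_per_sec / SECONDS_PER_YEAR

def classify_iid(addr, low_limit=0xFFFF):
    """Label the 64-bit interface identifier (IID) of one IPv6 address."""
    iid = int(ipaddress.IPv6Address(addr)) & (2**64 - 1)
    if iid <= low_limit:                    # ::1, ::2, ::10 ... hand-numbered
        return "low-numbered"
    if (iid >> 24) & 0xFFFF == 0xFFFE:      # ff:fe in the middle => EUI-64
        return "eui64"
    return "other"

def audit(inventory, low_limit=0xFFFF):
    """Count IID classes and list the hosts that sit in the guessable range."""
    labels = {a: classify_iid(a, low_limit) for a in inventory}
    exposed = sorted(a for a, l in labels.items() if l == "low-numbered")
    return Counter(labels.values()), exposed

# Constructed sample inventory (documentation prefix, not real hosts).
INVENTORY = [
    "2001:db8:0:1::1",                      # router
    "2001:db8:0:1::5",                      # printer
    "2001:db8:0:1::10",                     # application server
    "2001:db8:0:1:211:22ff:fe33:4455",      # SLAAC with EUI-64
    "2001:db8:0:1:8c3a:91f2:0be7:55d1",     # randomized IID
]

if __name__ == "__main__":
    print(f"Full /64 sweep, 50% coverage: {sweep_years():,.2f} years")
    counts, exposed = audit(INVENTORY)
    candidates = 0xFFFF + 1                 # size of the low-numbered range
    print(f"IID classes: {dict(counts)}")
    print(f"{len(exposed)} hosts fall in a {candidates}-address range that "
          f"takes {candidates / 100 / 60:.1f} minutes to cover at 100/s")
```

Run against a real address plan, the `exposed` list shows which hosts get no protection from the size of the /64 and need filtering or renumbering instead.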