From: Chris Lawrence
Date: Tue, 22 Jan 2013 19:14:17 -0500
To: Dave Taht
Subject: Re: [Cerowrt-devel] dnsmasq ipv6 stuff
List-Id: Development issues regarding the cerowrt test router project

On Tue, Jan 22, 2013 at 6:12 PM, Dave Taht wrote:
> My own objection to ::1 is that it provides both an easy mnemonic for people
> to manage their networks AND an easier vector for attacks from the outside
> world.
>
> J.random.badscript only has to ping ::1 on every subnet in your delegation
> to try and hit all the routers.

True, although I think that's pretty much unavoidable given the design of ipv6 (isn't ::1 always the router for the subnet)? You could always honeypot or Turing pit the other 2^16-(n) subnets if you're really paranoid about someone finding your router without a valid IPv6 address to start guessing with.

The source code also seems to support using dhcp-range=::,constructor=*,ra-names,ra-stateless (etc.). I'm not sure what dropping the "1" does, exactly, not having perfect ipv6-foo skills yet.

Chris
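The thread's concern is that a router sitting at `<prefix>::1` on every /64 of a delegation is trivially enumerable. The flip side, for a defender, is that such a sweep is also easy to spot: one source touching `::1` in many distinct subnets of your delegation within a short window is a strong signal. The script below is an added example written for this note, not code from the thread or from dnsmasq/CeroWrt. It assumes a documentation prefix `2001:db8:1234::/48` as the delegation, per-link /64 subnets, and constructed log lines loosely shaped like netfilter `SRC=... DST=...` output; a real log format would need its own regular expression.

```python
# Added example (not part of the original thread): flag sources that probe
# the <subnet>::1 router address across many /64s of one delegated prefix.
import ipaddress
import re
from collections import defaultdict

# Assumed delegation for the example (an RFC 3849 documentation prefix).
DELEGATION = ipaddress.IPv6Network("2001:db8:1234::/48")
SUBNET_BITS = 64  # per-link subnets carved out of the delegation

# Constructed sample log lines: ::99 sweeps ::1 across subnets, ::aa talks to
# one link normally, ::bb targets a prefix that is not ours at all.
SAMPLE_LOG = """\
IN=eth0 SRC=2001:db8:ffff::99 DST=2001:db8:1234:1::1 PROTO=ICMPv6 TYPE=128
IN=eth0 SRC=2001:db8:ffff::99 DST=2001:db8:1234:2::1 PROTO=ICMPv6 TYPE=128
IN=eth0 SRC=2001:db8:ffff::99 DST=2001:db8:1234:3::1 PROTO=ICMPv6 TYPE=128
IN=eth0 SRC=2001:db8:ffff::99 DST=2001:db8:1234:4::1 PROTO=ICMPv6 TYPE=128
IN=eth0 SRC=2001:db8:ffff::99 DST=2001:db8:1234:4::1 PROTO=ICMPv6 TYPE=128
IN=eth0 SRC=2001:db8:ffff::aa DST=2001:db8:1234:4:2c3:1fff:fe12:3456 PROTO=TCP
IN=eth0 SRC=2001:db8:ffff::aa DST=2001:db8:1234:4::1 PROTO=ICMPv6 TYPE=128
IN=eth0 SRC=2001:db8:ffff::bb DST=2001:db8:9999:5::1 PROTO=ICMPv6 TYPE=128
"""

# Assumed log shape; adjust for the firewall actually in use.
LINE_RE = re.compile(r"SRC=(?P<src>[0-9a-fA-F:]+)\s+DST=(?P<dst>[0-9a-fA-F:]+)")


def is_router_guess(dst) -> bool:
    """True when dst is <subnet>::1 for some /64 inside DELEGATION."""
    addr = ipaddress.IPv6Address(dst)
    if addr not in DELEGATION:
        return False
    # The low (128 - SUBNET_BITS) bits are the interface identifier.
    return int(addr) & ((1 << (128 - SUBNET_BITS)) - 1) == 1


def subnets_probed(log_text: str) -> dict:
    """Map each source to the set of delegated /64s whose ::1 it touched."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        try:
            src = ipaddress.IPv6Address(m["src"])
            dst = ipaddress.IPv6Address(m["dst"])
        except ValueError:
            continue  # malformed address in the log line; skip it
        if is_router_guess(dst):
            # strict=False drops the host bits, leaving the /64 itself.
            subnet = ipaddress.IPv6Network(f"{dst}/{SUBNET_BITS}", strict=False)
            hits[str(src)].add(str(subnet))
    return dict(hits)


def sweeping_sources(log_text: str, threshold: int = 3) -> list:
    """Sources that hit ::1 in at least `threshold` distinct subnets."""
    return sorted(src for src, nets in subnets_probed(log_text).items()
                  if len(nets) >= threshold)


if __name__ == "__main__":
    for src, nets in subnets_probed(SAMPLE_LOG).items():
        print(f"{src}: {len(nets)} subnet(s) probed at ::1")
    print("sweeping:", sweeping_sources(SAMPLE_LOG))
```

Counting distinct subnets per source, rather than raw packet counts, is what separates a sweep from a host that legitimately pings its own router many times; the threshold is a tuning knob, and the `::1` check is deliberately limited to the delegation so that probes of someone else's prefix are not counted against you.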