On 6 Jan 2011, at 17:17, Jack Bates wrote: > > A randomly setup ssh server without DNS will find itself brute force > attacked. Darknets are setup specifically for detection of scans. One side > effect of v6, is determining how best to deploy darknets, as we can't just > take one or two blocks to do it anymore. We'll need to interweave the > darknets with the production blocks. I wish it was possible via DHCPv6-PD to > assign a block minus a sub-block (hey, don't use this /64 in the /48 I gave > you). It could be that darknets will have to go and flow analysis is all > we'll be left with.
As RFC6018 suggests, this could be done dynamically on any given active subnet. Tim
