[lots of comments about the size of a /64]...
Am I the only one who imagines most ISPs will just assign the default IP
to each /64 (or whatever they issue) (e.g. all zeros or mostly zeros or
just the MAC addy of the end CPE)..
This would a) dramatically reduce the "breadth" of IPv6 space from a
scanning perspective and b) even guessing MAC addys is not that hard
given manufacturer codes.
IPv6 seems very, very classful to me, and I think the lessons we learned
in the pre-CIDR days about amplification and address-guessing and
topology determination by remote are still pretty relevant.
Obviously the firewall bit changes those expectations -- assuming they
are used.
But if we assume that 2^96 is enough space to hide in... well, I'm
pretty sure we'll see every kind of mess we've had to deal with in the
past revisit their gifts upon us.
Deepak
