Interesting People mailing list archives
more on IPv6 Forum chief: the new Internet is ready for consumption
From: David Farber <dave () farber net>
Date: Mon, 28 Nov 2005 18:02:44 -0500
Begin forwarded message:

From: Bill Williamson <batkiwi () happychinchilla com>
Date: November 28, 2005 5:52:33 PM EST
To: thomas () thomasleavitt org
Cc: dave () farber net
Subject: Re: [IP] more on IPv6 Forum chief: the new Internet is ready for consumption

From: Thomas Leavitt <thomas () thomasleavitt org>
Subject: Re: [Dewayne-Net] IPv6 Forum chief: the new Internet is ready for consumption

The other day, some twit hit a http server I administer with no less than 6,500 separate exploit attempts (before I blocked the attack) - friggin' amazing (and kind of scary). The network I'm on gets literally hundreds of automated penetration attempts daily. I don't want my desktop, or my wife's desktop, or my printer, or anything else on my local network sitting on the open internet -
**SNIP**
If I'm missing something here, and I probably am, maybe someone else on the list can fill me in...
Thomas, I don't know anything about your background, so I'll assume it's not a strong networking one.

What you're missing is the difference between a router and a firewall.

SOHO NAT device companies purposefully blur this distinction, since you do in essence get a "free" firewall by the very nature of NAT, but they have done the general networking community a large disservice. You can have a firewall even without doing NAT, and in fact limited access, single directional firewalls are MUCH older than the NAT devices you are used to using.

To keep it short: Just because something has a publicly routable IP address does not mean that it is publicly accessible.

When everything is IPv6, you will replace your NAT/router/modem/etc device with a much simpler IPv6 firewall device (which already exists if you're willing to run third party firmware on the Linksys WRT54G dave mentioned a few weeks ago). This device will, just as your NAT router does today, only allow outgoing packets and responses to existing sessions (eg allow the HTTP server you just contacted to send a response back to your laptop).

IPv6 will give you the OPTION of just plugging directly into the internet, but that does not mean you will have to!

MANY companies, especially older ones with older contracts which give them "real" IPs, already operate with this type of environment with IPv4. This is why firewalls have existed long before NAT was designed or became commonplace.

--Bill
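
The stateful, NAT-free filtering described in the message above, sketched as an nftables ruleset for a Linux-based home router. This is an added example, not part of the original post or thread; the interface names `lan0` and `wan0` are assumptions, and every LAN host is assumed to hold a publicly routable IPv6 address.

```nftables
#!/usr/sbin/nft -f
# Added example (constructed): IPv6 firewall with no NAT.
# Assumed interfaces: lan0 = inside network, wan0 = ISP side.

table ip6 filter {
    # Traffic routed THROUGH the box, between LAN hosts and the internet.
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to sessions a LAN host opened (e.g. the HTTP server
        # answering the laptop), plus ICMPv6 errors tied to them.
        ct state established,related accept
        ct state invalid drop

        # LAN hosts may open new sessions outbound.
        iifname "lan0" oifname "wan0" ct state new accept

        # ICMPv6 errors that IPv6 depends on; routers never fragment,
        # so packet-too-big must get through for path MTU discovery.
        icmpv6 type { destination-unreachable, packet-too-big,
                      time-exceeded, parameter-problem } accept

        # Unsolicited inbound from wan0 matches nothing above and is
        # dropped by the chain policy, although the LAN addresses are
        # publicly routable.
    }

    # Traffic addressed TO the firewall itself.
    chain input {
        type filter hook input priority 0; policy drop;

        iifname "lo" accept
        ct state established,related accept

        # Neighbor discovery and router advertisements are mandatory
        # for IPv6 to function on either link.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert,
                      nd-router-solicit, nd-router-advert,
                      packet-too-big, echo-request } accept

        # Management and local services only from the inside.
        iifname "lan0" accept
    }
}
```

The `ct state` rules in the forward chain provide the same "outgoing packets and responses to existing sessions" behaviour a NAT router gives as a side effect, without any address translation.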