nanog mailing list archives
Re: European ISP enables IPv6 for all?
From: Mark Smith <nanog () 85d5b20a518b8f6864949bd940457dc124746ddc nosense org>
Date: Wed, 19 Dec 2007 07:26:58 +1030
On Tue, 18 Dec 2007 15:49:18 GMT "Paul Ferguson" <fergdawg () netzero net> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- "Christopher Morrow" <morrowc.lists () gmail com> wrote:On Dec 17, 2007 9:59 PM, Paul Ferguson <fergdawg () netzero net> wrote:And in fact, "threat propagation" in a v6 world may actually be worse than expected, and naivet_ may actually contribute to a larger-scale attack, given the statistical possibility of potentially more victims.naivete because folks believe the 'v6 is more secure' propoganda? or some other reason?Yes. :-)Address space size, and proximity, may well be red herrings in this discussion.can you expand on this some?Someone else mentioned "self-infliction" in this thread, and that's spot on. Over the course of the past year or more, we've seen less & less "scanning & self-propagating" malware, and more & more self-infliction, either by being duped via social engineering or just by drive-by infections/compromises. As it stands, now -- and unless the pendulum swings the other way -- the whole "...v6 address space is larger, thus it is much harder to scan and thus propagation of worms is much harder..." train of thought is completely misguided.
It has been for quite a while - and so has NAT/NAPT = IPv4 security, for exactly the same reason. Some people say IPv6 isn't necessary because of IPv4 NAT/NAPT being available, and then when they say why, it's commonly because of the supposed "security" of IPv4 NAT/NAPT that'd be "lost" when moving to no-NAT IPv6. Regards, Mark. -- "Sheep are slow and tasty, and therefore must remain constantly alert." - Bruce Schneier, "Beyond Fear"
Current thread:
- Re: European ISP enables IPv6 for all?, (continued)
- Re: European ISP enables IPv6 for all? Iljitsch van Beijnum (Dec 19)
- Re: European ISP enables IPv6 for all? Jeroen Massar (Dec 19)
- Re: European ISP enables IPv6 for all? Kevin Oberman (Dec 19)
- Re: European ISP enables IPv6 for all? JAKO Andras (Dec 18)
- Re: European ISP enables IPv6 for all? Adrian Chadd (Dec 18)
- Re: European ISP enables IPv6 for all? JAKO Andras (Dec 18)
- Re: European ISP enables IPv6 for all? Donald Stahl (Dec 18)
- Re: European ISP enables IPv6 for all? Christopher Morrow (Dec 17)
- Re: European ISP enables IPv6 for all? Mark Smith (Dec 18)