nanog mailing list archives
Re: misunderstanding scale
From: Owen DeLong <owen () delong com>
Date: Mon, 24 Mar 2014 19:15:55 -0700
On Mar 23, 2014, at 11:38 PM, Mark Tinka <mark.tinka () seacom mu> wrote:
On Sunday, March 23, 2014 09:35:31 PM Denis Fondras wrote:When speaking of IPv6 deployment, I routinely hear about host security. I feel like it should be stated that this is *in no way* an IPv6 issue. May the device be ULA, LLA, GUA or RFC1918-addressed, the device is at risk anyway. If this is the only argument for delaying IPv6 deployment, this sounds more like FUD to me ;-)I guess it's no surprise that host security is not an IPv4 or IPv6 issue. It's just that with IPv4, the majority of unclean and unupdated hosts have been living behind NAT44. In an ideal IPv6 world, all hosts have GUA's, and in this case, host security becomes a bigger problem, because now the host is directly accessible without a NAT66 in between (we hope). Mark.
Bzzzt… But thanks for playing. An IPv6 host with a GUA behind a stateful firewall with default deny is every bit as secure as an iPv4 host with an RFC-1918 address behind a NAT44 gateway. Owen
Current thread:
- Re: misunderstanding scale, (continued)
- Re: misunderstanding scale Michael Thomas (Mar 24)
- Re: misunderstanding scale William Herrin (Mar 24)
- RE: misunderstanding scale Eric Wieling (Mar 24)
- RE: misunderstanding scale Naslund, Steve (Mar 24)
- Re: misunderstanding scale Owen DeLong (Mar 24)
- Re: misunderstanding scale Timothy Morizot (Mar 24)
- Re: misunderstanding scale Mark Tinka (Mar 24)
- RE: misunderstanding scale Naslund, Steve (Mar 24)
- Message not available
- RE: misunderstanding scale Naslund, Steve (Mar 24)
- Re: misunderstanding scale hslabbert (Mar 24)
- Re: misunderstanding scale Owen DeLong (Mar 24)
- RE: misunderstanding scale Naslund, Steve (Mar 24)
- Re: misunderstanding scale Valdis . Kletnieks (Mar 24)
- RE: misunderstanding scale Alexander Lopez (Mar 24)
- Re: misunderstanding scale hslabbert (Mar 24)
- Re: why IPv6 isn't ready for prime time, SMTP edition John Levine (Mar 25)
- Re: why IPv6 isn't ready for prime time, SMTP edition Brielle Bruns (Mar 25)
- Re: why IPv6 isn't ready for prime time, SMTP edition Jim Popovitch (Mar 25)
- Re: why IPv6 isn't ready for prime time, SMTP edition John Levine (Mar 25)
- Re: why IPv6 isn't ready for prime time, SMTP edition Brielle Bruns (Mar 25)
- Re: why IPv6 isn't ready for prime time, SMTP edition Paul Ferguson (Mar 25)