nanog mailing list archives
Re: IPv6 woes - RFC
From: Christopher Morrow <morrowc.lists () gmail com>
Date: Wed, 29 Sep 2021 10:27:27 -0400
On Tue, Sep 28, 2021 at 4:18 PM Randy Bush <randy () psg com> wrote:
the ietf did not give guidance to cpe vendors to protect toys inside your LANguidance aside... 'Time To Market' (or "Minimum Viable Product - MVP!) is likely to impact all of our security 'requirements'. :(that point was made in the paper i cited
"This is a preview of subscription content, log in <https://link.springer.com/signup-login?previousUrl=https%3A%2F%2Flink.springer.com%2Fchapter%2F10.1007%252F978-3-030-72582-2_22> to check access." <paywall complaint goes here> I can see a wierdo looking image with 'port scan data', which roughly seems to say: "Hey, turn on the firewall" on all of their tested devices... and what look like 'cablelabs affiliates' mostly did the right thing with that fw policy.
I also thought 'homenet' (https://datatracker.ietf.org/wg/homenet) was supposed to have provided the guidance you seek here?got a cite for the guidance?
sure, that's in the referenced architecture document from your link (one of the other few things I can see is the references section): 3. Chown, T., Arkko, J., Brandt, A., Troan, O., Weil, J.: IPv6 home networking architecture principles. RFC 7368, Internet Engineering Task Force (October 2014) The points about NAT in v4 being 'helpful' are sort of right, but the attacks just move up the stack[0] :( so I don't think it's particularly germaine to worry/not about nat for 'security' purposes. -chris 0: https://us.norton.com/internetsecurity-malware-malvertising.html (NOTE: I'm not a fan of norton nor any AV really, but.. the article makes the 'up the stack' point)
Current thread:
- Re: IPv6 woes - RFC, (continued)
- Re: IPv6 woes - RFC Victor Kuarsingh (Sep 29)
- Re: IPv6 woes - RFC Owen DeLong via NANOG (Sep 29)
- Re: IPv6 woes - RFC Valdis Klētnieks (Sep 30)
- Re: IPv6 woes - RFC Victor Kuarsingh (Sep 30)
- Re: IPv6 woes - RFC Owen DeLong via NANOG (Sep 30)
- Re: IPv6 woes - RFC Owen DeLong via NANOG (Sep 28)
- Re: IPv6 woes - RFC Randy Bush (Sep 28)
- Re: IPv6 woes - RFC Christopher Morrow (Sep 28)
- Re: IPv6 woes - RFC Michael Thomas (Sep 28)
- Re: IPv6 woes - RFC Randy Bush (Sep 28)
- Re: IPv6 woes - RFC Christopher Morrow (Sep 29)
- Re: IPv6 woes - RFC Mark Andrews (Sep 28)
- Re: IPv6 woes - RFC Randy Bush (Sep 28)
- Re: IPv6 woes - RFC Victor Kuarsingh (Sep 28)
- Re: IPv6 woes - RFC Saku Ytti (Sep 28)
- Re: IPv6 woes - RFC Joe Maimon (Sep 24)
- Re: IPv6 woes - RFC Owen DeLong via NANOG (Sep 24)
- Re: IPv6 woes - RFC Owen DeLong via NANOG (Sep 24)
- Re: IPv6 woes - RFC borg (Sep 25)
- Re: IPv6 woes - RFC Baldur Norddahl (Sep 25)
- Re: IPv6 woes - RFC Owen DeLong via NANOG (Sep 25)