Firewall Wizards mailing list archives
Re: ***SPAM*** Re: IPv6 support in firewalls
From: Dave Piscitello <dave () corecom com>
Date: Mon, 27 Aug 2007 13:24:54 -0400
Patrick M. Hausen wrote:
First you should not rely on NAT as a security measure, anyway, because it isn't.
I advocate using every measure possible to provide security. IP masquerading helps thwart information gathering. I would never suggest using NAT as the only security measure. By IP masquerading, I avoid having a RIR identify the address blocks I use internally, as they would if I were to use public space. Explain why you feel this is wrong?
Third, this is the _only_ way to get rid of the "net 10 consideredharmful" nightmare
It's only a nightmare for people who do not exercise discipline in assigning addresses. I could just as easily err with public addresses and assign the same block of addresses to multiple sites. The fact that an RIR allocates you a block of IPv6 addresses does not guarantee you will not botch assignment within your networks.
Even Forrest Gump knows, "stupid is as stupid does".
IMHO theses are the combined reasons to start over and kill NAT forever.
Won't happen in my lifetime, nor my childrens' lifetime.
Attachment:
dave.vcf
Description:
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: IPv6 support in firewalls, (continued)
- Re: IPv6 support in firewalls Paul D. Robertson (Aug 27)
- Re: IPv6 support in firewalls Behm, Jeffrey L. (Aug 27)
- Re: IPv6 support in firewalls Paul D. Robertson (Aug 27)
- Re: IPv6 support in firewalls Behm, Jeffrey L. (Aug 27)
- Re: IPv6 support in firewalls ArkanoiD (Aug 28)
- Re: IPv6 support in firewalls Darren . Reed (Aug 28)
- Re: IPv6 support in firewalls ArkanoiD (Aug 29)
- Re: IPv6 support in firewalls Paul D. Robertson (Aug 29)
- Re: IPv6 support in firewalls ArkanoiD (Aug 29)
- Re: IPv6 support in firewalls ArkanoiD (Aug 27)
- Re: ***SPAM*** Re: IPv6 support in firewalls Dave Piscitello (Aug 27)
- Re: IPv6 support in firewalls Patrick M. Hausen (Aug 27)
- ***SPAM*** Re: IPv6 support in firewalls Dave Piscitello (Aug 27)
- Re: IPv6 support in firewalls Marcus J. Ranum (Aug 27)
- Re: ***SPAM*** Re: IPv6 support in firewalls Paul D. Robertson (Aug 27)
- Re: ***SPAM*** Re: IPv6 support in firewalls ArkanoiD (Aug 27)
- Re: ***SPAM*** Re: IPv6 support in firewalls Dave Piscitello (Aug 27)
- Re: ***SPAM*** Re: IPv6 support in firewalls Steven M. Bellovin (Aug 23)
- Re: ***SPAM*** Re: IPv6 support in firewalls Marcus J. Ranum (Aug 24)
- Re: IPv6 support in firewalls Paul Melson (Aug 23)