nanog mailing list archives
Re: IPv6, IPSEC and deep packet inspection
From: "Stephen Sprunk" <stephen () sprunk org>
Date: Fri, 31 Dec 2004 22:42:17 -0600
Thus spake <bmanning () vacation karoshi com>
as one who has been "bit" by this already - i can say amen to what Rob preacheth... the hardest part is getting folks up to speed on IPv6 as a threat vector.
Are there any layman-readable presentations or whitepapers out there that discuss what _new_ threat vectors IPv6 brings? Or how firewall or ACL tuning might be different?
Swat teams that can neutralize an IPv4 based flareup in minutes/ hours can take days/weeks to contain a v6 channel...
The thing about that is that, if IPv6 is identified as the channel, it's still quite possible to shut down IPv6 connectivity until you figure out how to fix things. After all, there's nothing significant out there yet on v6 that can't be reached with v4... S Stephen Sprunk "Stupid people surround themselves with smart CCIE #3723 people. Smart people surround themselves with K5SSS smart people who disagree with them." --Aaron Sorkin
Current thread:
- Re: IPv6, IPSEC and deep packet inspection Christopher L. Morrow (Dec 31)
- <Possible follow-ups>
- Re: IPv6, IPSEC and deep packet inspection Stephen Sprunk (Dec 31)
- Re: IPv6, IPSEC and deep packet inspection Joe Abley (Jan 01)
- Re: IPv6, IPSEC and deep packet inspection Sean Donelan (Jan 01)
- Re: IPv6, IPSEC and deep packet inspection bmanning (Jan 01)
- Re: IPv6, IPSEC and deep packet inspection Joe Abley (Jan 01)
- Re: IPv6, IPSEC and deep packet inspection Hank Nussbacher (Jan 01)
- Re: IPv6, IPSEC and deep packet inspection Nicolas FISCHBACH (Jan 01)
- Re: IPv6, IPSEC and deep packet inspection Kevin Oberman (Jan 01)
- Re: IPv6, IPSEC and deep packet inspection Manish Karir (Jan 01)
- Re: IPv6, IPSEC and deep packet inspection Nils Ketelsen (Jan 04)