Re: European ISP enables IPv6 for all?

[Mark Smith <nanog () 85d5b20a518b8f6864949bd940457dc124746ddc nosense org>]

On Tue, 18 Dec 2007 15:49:18 GMT
"Paul Ferguson" <fergdawg () netzero net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - -- "Christopher Morrow" <morrowc.lists () gmail com> wrote:
>
> > On Dec 17, 2007 9:59 PM, Paul Ferguson <fergdawg () netzero net> wrote:
> >
> > > And in fact, "threat propagation" in a v6 world may actually
> > > be worse than expected, and naivet_ may actually contribute to
> > > a larger-scale attack, given the statistical possibility of
> > > potentially more victims.
> >
> >
> > naivete because folks believe the 'v6 is more secure' propoganda? or
> > some other reason?
>
> Yes. :-)
>
> > > Address space size, and proximity, may well be red herrings in
> > > this discussion.
> >
> > can you expand on this some?
>
> Someone else mentioned "self-infliction" in this thread, and that's
> spot on.
>
> Over the course of the past year or more, we've seen less & less
> "scanning & self-propagating" malware, and more & more self-infliction,
> either by being duped via social engineering or just by drive-by
> infections/compromises.
>
> As it stands, now -- and unless the pendulum swings the other way --
> the whole "...v6 address space is larger, thus it is much harder to
> scan and thus propagation of worms is much harder..." train of thought
> is completely misguided.

It has been for quite a while - and so has NAT/NAPT = IPv4
security, for exactly the same reason. Some people say IPv6 isn't
necessary because of IPv4 NAT/NAPT being available, and then when they
say why, it's commonly because of the supposed "security" of IPv4
NAT/NAPT that'd be "lost" when moving to no-NAT IPv6.

Regards,
Mark.

-- 

        "Sheep are slow and tasty, and therefore must remain constantly
         alert."
                                   - Bruce Schneier, "Beyond Fear"