nanog mailing list archives
Re: Addressing plan exercise for our IPv6 course
From: Tim Franklin <tim () pelican org>
Date: Thu, 29 Jul 2010 10:45:43 +0000 (GMT)
I look at this as water under the bridge. Yep, it was complicated code and now it works. I can run bittorrent just fine beyond an Apple wireless router and I did nothing to make that work. Micro-torrent just communicates with the router to make the port available.
So, the security model here is that arbitrary untrusted applications, running on an arbitrary untrusted OS, selected by people who have no understanding of computer or network security are allowed to update the security policy on the perimeter device. I can see why those secure NAT boxes have *totally* stopped the Windows botnet problem in its tracks...
Of course, no disagreement there. The real challenge is going to be education of customers so that they can actually configure a firewall policy to protect their now-suddenly-addressable-on-the-Internet home network. I would love to see how SOHO vendors are going to address this.
Permit any outbound Permit any inbound established Deny any inbound Achieves essentially the same functionality as a NAT device without the annoying mangling of addresses. Vendors could then continue to offer the UPnP "request a hole" functionality that they do today, or tweak the labels on their "forward this port" web GUI to say "permit the port" instead. For end-users who want to carry on doing exactly what they do today, the changes required for both them and their CPE vendor are trivial. For end-users who are currently frustrated by NAT, they have their real, honest-to-goodness end-to-end Internet restored. Everybody wins, apart those with a vested interest in "upselling" to "business" connectivity plans, or those who would prefer that the Internet is TV on new technology, and that end-users remain good little eyeballs, dutifully paying for their Big Business Content. Regards, Tim.
Current thread:
- Re: Addressing plan exercise for our IPv6 course, (continued)
- Re: Addressing plan exercise for our IPv6 course Mark Smith (Jul 22)
- RE: Addressing plan exercise for our IPv6 course Frank Bulk - iName.com (Jul 22)
- Re: Addressing plan exercise for our IPv6 course Owen DeLong (Jul 22)
- Re: Addressing plan exercise for our IPv6 course Jens Link (Jul 23)
- Re: Addressing plan exercise for our IPv6 course Owen DeLong (Jul 23)
- Re: Addressing plan exercise for our IPv6 course Jens Link (Jul 25)
- Re: Addressing plan exercise for our IPv6 course Matthew Palmer (Jul 25)
- Re: Addressing plan exercise for our IPv6 course Akyol, Bora A (Jul 27)
- Re: Addressing plan exercise for our IPv6 course Owen DeLong (Jul 27)
- Re: Addressing plan exercise for our IPv6 course Mark Smith (Jul 29)
- Re: Addressing plan exercise for our IPv6 course Tim Franklin (Jul 29)
- Re: Addressing plan exercise for our IPv6 course Valdis . Kletnieks (Jul 24)
- Re: Addressing plan exercise for our IPv6 course Saku Ytti (Jul 24)
- Re: Addressing plan exercise for our IPv6 course Owen DeLong (Jul 24)
- Re: Addressing plan exercise for our IPv6 course Saku Ytti (Jul 24)
- Re: Addressing plan exercise for our IPv6 course Matthew Kaufman (Jul 24)
- Re: Addressing plan exercise for our IPv6 course Karl Auer (Jul 24)
- Re: Addressing plan exercise for our IPv6 course Owen DeLong (Jul 24)
- Re: Addressing plan exercise for our IPv6 course Owen DeLong (Jul 24)
- Re: Addressing plan exercise for our IPv6 course Karl Auer (Jul 24)
- Re: Addressing plan exercise for our IPv6 course Mark Smith (Jul 29)