nanog mailing list archives

Re: NIST IPv6 document

From: Valdis.Kletnieks () vt edu
Date: Mon, 10 Jan 2011 19:33:08 -0500

On Mon, 10 Jan 2011 19:22:46 EST, Jeff Kell said:

It is a decreasing risk, given the typical user initiated compromise of
today (click here to infect your computer), but a non-zero one.

The whole IPv6 / no-NAT philosophy of "always connected and always
directly addressable" eliminates this layer.


I'd say on the whole, it's a net gain - the added ease of tracking down
the click-here-to-infect machines that are no longer behind a NAT
outweighs the little added security the NAT adds (above and beyond
the statefulness that both NAT and a good firewall both add).

Attachment: _bin
Description:

Current thread:

Re: NIST IPv6 document, (continued)
- - - Re: NIST IPv6 document Joe Greco (Jan 05)
    - Re: NIST IPv6 document Matthew Petach (Jan 05)
    - Re: NIST IPv6 document Dobbins, Roland (Jan 05)
    - Re: NIST IPv6 document Joe Greco (Jan 06)
    - Re: NIST IPv6 document Dobbins, Roland (Jan 06)
    - Re: NIST IPv6 document David Sparro (Jan 07)
    - Re: NIST IPv6 document Lamar Owen (Jan 10)
    - Re: NIST IPv6 document mikea (Jan 10)
    - Re: NIST IPv6 document Owen DeLong (Jan 10)
    - Re: NIST IPv6 document Jeff Kell (Jan 10)
    - Re: NIST IPv6 document Valdis . Kletnieks (Jan 10)
    - Re: NIST IPv6 document Jack Bates (Jan 10)
    - Re: NIST IPv6 document Owen DeLong (Jan 10)
    - Re: NIST IPv6 document Valdis . Kletnieks (Jan 11)
    - Re: NIST IPv6 document Jack Bates (Jan 11)
    - Re: NIST IPv6 document Owen DeLong (Jan 10)
    - Re: NIST IPv6 document Joel Jaeggli (Jan 05)
    - Re: NIST IPv6 document Dobbins, Roland (Jan 05)
    - Re: NIST IPv6 document Jeff Wheeler (Jan 06)
    - Re: NIST IPv6 document Joel Jaeggli (Jan 06)
    - Re: NIST IPv6 document Jeff Wheeler (Jan 06)

(Thread continues...)