nanog mailing list archives
Re: NIST IPv6 document
From: Owen DeLong <owen () delong com>
Date: Mon, 10 Jan 2011 23:10:50 -0800
On Jan 10, 2011, at 8:22 PM, Jack Bates wrote:
On 1/10/2011 6:33 PM, Valdis.Kletnieks () vt edu wrote:I'd say on the whole, it's a net gain - the added ease of tracking down the click-here-to-infect machines that are no longer behind a NAT outweighs the little added security the NAT adds (above and beyond the statefulness that both NAT and a good firewall both add).Really? Which machine was using the privacy extension address on the /64? I don't see how it's made it any easier to track. In some ways, on provider edges that don't support DHCPv6 IA_TA and relay on slaac, it's one extra nightmare. Jack
At least I can tell which segment the pwn3d machine is on. As it currently stands, I'm lucky if I can tell which state the pwn3d machine inside $ENTERPRISE is located in. Sometimes, you can't even tell which country. Owen
Current thread:
- Re: NIST IPv6 document, (continued)
- Re: NIST IPv6 document Dobbins, Roland (Jan 05)
- Re: NIST IPv6 document Joe Greco (Jan 06)
- Re: NIST IPv6 document Dobbins, Roland (Jan 06)
- Re: NIST IPv6 document David Sparro (Jan 07)
- Re: NIST IPv6 document Lamar Owen (Jan 10)
- Re: NIST IPv6 document mikea (Jan 10)
- Re: NIST IPv6 document Owen DeLong (Jan 10)
- Re: NIST IPv6 document Jeff Kell (Jan 10)
- Re: NIST IPv6 document Valdis . Kletnieks (Jan 10)
- Re: NIST IPv6 document Jack Bates (Jan 10)
- Re: NIST IPv6 document Owen DeLong (Jan 10)
- Re: NIST IPv6 document Valdis . Kletnieks (Jan 11)
- Re: NIST IPv6 document Jack Bates (Jan 11)
- Re: NIST IPv6 document Owen DeLong (Jan 10)
- Re: NIST IPv6 document Joel Jaeggli (Jan 05)
- Re: NIST IPv6 document Dobbins, Roland (Jan 05)
- Re: NIST IPv6 document Jeff Wheeler (Jan 06)
- Re: NIST IPv6 document Joel Jaeggli (Jan 06)
- Re: NIST IPv6 document Jeff Wheeler (Jan 06)
- Re: NIST IPv6 document Bill Bogstad (Jan 06)
- Re: NIST IPv6 document Miquel van Smoorenburg (Jan 06)