nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Is NAT can provide some kind of protection?

From: Joel Jaeggli <joelja () bogus com>
Date: Sat, 15 Jan 2011 15:01:23 +0100
On 1/15/11 1:24 PM, Leen Besselink wrote:


I'm a full supported for getting rid of NAT when deploying IPv6, but
have to say the alternative is not all that great either.

Because what do people want, they want privacy, so they use the
IPv6 privacy extensions. Which are enabled by default on Windows
when IPv6 is used on XP, Vista and 7.


There aren't enough hosts on most subnets that privacy extensions
actually buy you that much. sort of like have a bunch of hosts behind a
single ip, a bunch of hosts behind a single /64 aren't really insured
much in the way of privacy, facebook is going to know that it's you.


And now you have no idea who had that IPv6-address at some point
in time. The solution to that problem is ? I guess the only solution is to
have the IPv6 equivalant of arpwatch to log the MAC-addresses/IPv6-
address combinations ?

Or is their an other solution I'm missing.
Previous By Date Next
Previous By Thread Next

Current thread: