nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IPv6 uptake (was: The Reg does 240/4)

From: William Herrin <bill () herrin us>
Date: Fri, 16 Feb 2024 17:30:38 -0800
On Fri, Feb 16, 2024 at 5:22 PM Michael Thomas <mike () mtcc com> wrote:

On 2/16/24 5:05 PM, William Herrin wrote:

Now, I make a mistake on my firewall. I insert a rule intended to
allow packets outbound from 2602:815:6001::4 but I fat-finger it and
so it allows them inbound to that address instead. Someone tries to
telnet to 2602:815:6001::4. What happens? Hacked.


Yes, but if the DHCP database has a mistake it's pretty much the same
situation since it could be numbered with a public address.


Um. No. You'd have to make multiple mistakes cross-contaminating your
public and private ethernet segments yet somehow without completely
breaking your network rendering it inoperable.



NAT is not without its own set of problems,


NAT's problems are legion. But the question was whether and how NAT
improves the security of a network employing it.

Regards,
Bill Herrin


-- 
William Herrin
bill () herrin us
https://bill.herrin.us/
Previous By Date Next
Previous By Thread Next

Current thread: