Re: ipv6 question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, 2011-01-03 at 21:46 -0600, Dave Ihnat wrote: 
> On Mon, Jan 03, 2011 at 07:31:37PM -0500, Michael H. Warfield wrote:
> > The IPv6 firewalls on Linux are just as good as the IPv4 firewalls.  I
> > didn't start participating in IPv6 until I had decent firewalls.  But
> > that was 10 years ago now at this point.  That's old old news.
> 
> That's not my concern.  My concern is flooding the bloody 'Net with
> Sagans of IP addresses and traffic we simply never need to see.  I'm
> afraid, with the current IPv6 model, that's all too likely.

You already are.  The only question is the addresses on the packets.
It's not changing the number of packets, only the addresses.  You're not
flooding anybody with anything that wouldn't be there anyways.  You
don't leak packets just because you're now on a routable address.

> > There is a wide spread myth that NAT and the fact that you are on
> > different addresses some how bestows upon you some measure of security.

> Nope.  Just trying to keep the cr*p out of the public pipes.

Your not.  Not at all...  A packet is a packet is a packet whether it
has the address behind your firewall or some address of your NAT device
or some address of some gods forsaken CGN device.  In the security
business, this has some circles seriously concerned that an IP will only
track back to an ISP and there's no accountability beyond that.  Spam
will be an even worse nightmare if whitelists and blacklists become
useless.  You're living in a dream if you think NAT is doing you any
good at all.

> Cheers,
> --
> 	Dave Ihnat
> 	dihnat@xxxxxxxxxx

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw@xxxxxxxxxxxx
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!

Attachment: signature.asc
Description: This is a digitally signed message part

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux