[AusNOG] IPv6 excuses

Pete Mundy pete at fiberphone.co.nz
Fri May 27 15:11:57 EST 2016 

> On 27/05/2016, at 4:55 pm, Philip Loenneker <Philip.Loenneker at tasmanet.com.au> wrote:
> 
> I'm curious to know if/how providers that have enabled IPv6 are protecting users after the introduction of IPv6. The majority of end users are not capable, and probably should not be expected to be capable, of maintaining a suitable firewall. The wide variety of routers available would offer an equally wide variety of protection to IPv6 clients. 
> 
> Despite all the shortcomings, NAT provides a very convenient barrier between the Internet and customer internal networks. 


Refer AusNOG archives from earlier this month for a thread with subject 'Au IPv6 doubling?' which contains a discussion around this subject.

One particular message from the thread that sums it up well is quoted follow below. But there are others, so it's worth reviewing the entire thread.

(tldr; the providers shouldn't be 'protecting' their users)

Pete


On 6/05/2016, at 8:45 am, Mark Smith <markzzzsmith at gmail.com> wrote:
On 5 May 2016 20:28, "Peter Fern" <ausnog at 0xc0dedbad.com <mailto:ausnog at 0xc0dedbad.com>> wrote:
>
> What do the default firewalls look like on those modems?  Will we
> suddenly find thousands of Windows PCs directly accessible on the Internet?


Possibly, and it doesn't matter.

https://technet.microsoft.com/library/bb877979 <https://technet.microsoft.com/library/bb877979>
Every version of Windows since then has had a host firewall, mainly courtesy of this guy - http://www.huitema.net/bio.asp <http://www.huitema.net/bio.asp> (his "Routing In The Internet" book is excellent).

The easier target these days is the unmaintained CPE itself, and they're much easier to find.

http://routersecurity.org/bugs.php <http://routersecurity.org/bugs.php>
People need to stop thinking that host security is stuck in the in the 1990s/early 2000s. There are instances where it is, but it is not universal.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20160527/541ecba6/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4118 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20160527/541ecba6/attachment.bin>

More information about the AusNOG mailing list