[AusNOG] IPv6 excuses

Peter Fern ausnog at 0xc0dedbad.com
Sat May 28 13:13:31 EST 2016


On 05/28/16 12:01, Mark Andrews wrote:
>>> e.g. TVs don't need to be listening on the net.
>> They don't need to be, but are they?  Now TVs support all sorts of
>> streaming protocols, etc.  I have no idea what the quality of code is
>> like on TV firmware.  And you can add streaming boxes, light bulbs, IoT,
>> etc to the list.
> Yes, they support all sorts of streaming protocols.  Lots of protocols
> we use every day in browsers and other applications.  Invariably the
> boxes are using exactly the same libraries yet you are scared because
> it's in a streaming box instead of the browser.

No, they additionally implement servers for stuff like DLNA, AirPlay,
Google Cast, etc.  Some of these protocols only work locally, some don't
have that limitation.  Modern TVs may also allow installing apps that
may expose other services.  And this is just one example appliance.

> Being behind a NAT doesn't protect devices. All it takes is a single
> compromised machine.  The same applies to firewalls.  Each and every
> device needs to protect itself.

Being behind NAT (or a CPE firewall) does protect insecure devices from
providing additional pivots into the network though.  And, you know,
stops the Internet from playing with people's 'smart' lights, watching
their IP cams, etc.

You might argue that end users should deal with this themselves, but
many end users are either incapable or uninformed, and if it's trivial
to provide protection at the CPE with minimal impact, how is this a bad
idea?

