[AusNOG] My Predictions for the ISP Industry
Eric Pinkerton
Eric.Pinkerton at stratsec.net
Thu Mar 15 13:22:05 EST 2012
>I can't see why you wouldn't turn it on now if you had the option.
One of the things that I haven't seen much discussed about is that in turning on dual stack you are obviously increasing your attack surface.
Bad people* have been playing with IPV6 for quite some time, thanks to anonymity provided by tunnelling, and of course because many of the current defensive measures are behind the curve here. Also you can draw your own conclusions about the efficacy of current LI solutions where IPV6 is concerned.
There are number exploits specifically targeting weaknesses within IPV6 and ICMP6 protocols, and research has put pay to earlier misguided perceptions that IPV6 is inherently more secure that its predecessor. Add to this an increase in the opportunity for configuration mistakes and you start to appreciate why many organisations are in 'wait and see what everyone else does' mode.
Regards
Eric Pinkerton
Principal Consultant
STRATSEC.NET PTY LTD
* http://www.internetsecuritydb.com/2011/07/australian-feds-unmask-evil.html
--
Message protected by MailGuard: e-mail anti-virus, anti-spam and content filtering.http://www.mailguard.com.au/mg
More information about the AusNOG
mailing list