[AusNOG] Au IPv6 doubling?

Mark Andrews marka at isc.org
Fri May 6 11:00:43 EST 2016


In message <79FE3612-522D-4A49-916E-3091DABB00D1 at atdot.dotat.org>, Mark Newton 
writes:
> On May 5, 2016, at 8:28 PM, Peter Fern <ausnog at 0xc0dedbad.com> wrote:
> 
> > What do the default firewalls look like on those modems?  Will we
> > suddenly find thousands of Windows PCs directly accessible on the Internet?
> 
> <rolls eyes>
> 
>   - mark

Home CPE routers should only have to drop spoofed packets (in and
out).  The router knows what addresses are theoretically internal
and should only be receiving them from the internal interface sans
source routed packets.  Similarly only internal address should be
being received from the inside of the network.

If IP equipement is not capable of being directly connected the the
Internet then it should be withdrawn from sale and the manufacturers
fined for producing sub-standard products.  This especially applies
to equipement marketed for home/domestic use.

If equipement can't meet this standard then it needs to be clearly
marked as:

"REQUIRES EXTERNAL INTERNET FIREWALL TO BE INSTALLED TO PROTECT THIS PRODUCT"

Home IP equipment should also all come with documentation on where
to update the code it is running from and that should be valid for
a minimum of 10 years from the date of last shipment.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org


More information about the AusNOG mailing list