[AusNOG] IPv6 excuses

Peter Tiggerdine ptiggerdine at gmail.com
Sat May 28 14:11:56 EST 2016


Because as pointed out most exploits ingress over email and layer 7. Which
is the responsibility of the end users not ISPs. Unless you're doing a
managed service it's not the concern of the network operators.

This idea that ISPs are responsible for end user security is the same
argument that movies use to try and corner ISPs into being responsible for
users downloading torrents.

Anyone above layer 4 is not an issue for network operators.

Put your energy into bullying hardware vendors for better and simpler
security on the cpe and then allow users to make they're on choices.

On May 28, 2016 13:43, "Mark Smith" <markzzzsmith at gmail.com> wrote:

> On 28 May 2016 at 12:51, Peter Tiggerdine <ptiggerdine at gmail.com> wrote:
> > All the hyperventilating on a Saturday morning over one problem that
> could
> > be solve with a half decent cpe.
>
> So where is the list of half decent CPE?
>
>
> > Block traffic on the forwarding table
> > inbound  to the rest of the internal network. Allow established session
> > only.
> >
> > Problem solved.
> >
>
> So IPv4 NAT inherently works this way. Why do we still have botnets?
>
>
> > Simple tick box (on by default).
> >
> > Most ISPs provide some sort of software for free  for endpoint protection
> > with built in firewall.
> >
> > Let people make their own choices.
> >
> >
> > On May 28, 2016 12:29, "Karl Auer" <kauer at biplane.com.au> wrote:
> >>
> >> On Sat, 2016-05-28 at 12:01 +1000, Mark Andrews wrote:
> >> > Being behind a NAT doesn't protect devices. All it takes is a single
> >> > compromised machine.  The same applies to firewalls.  Each and every
> >> > device needs to protect itself.
> >>
> >> +1
> >>
> >> The vast majority of threats swan straight through ANY firewall on the
> >> back of an email or a download, or are transferred in on portable
> >> media. Trojans all, invited in.
> >>
> >> Regards, K.
> >>
> >> --
> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >> Karl Auer (kauer at biplane.com.au)
> >> http://www.biplane.com.au/kauer
> >> http://twitter.com/kauer389
> >>
> >> GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
> >> Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
> >>
> >>
> >>
> >> _______________________________________________
> >> AusNOG mailing list
> >> AusNOG at lists.ausnog.net
> >> http://lists.ausnog.net/mailman/listinfo/ausnog
> >
> >
> > _______________________________________________
> > AusNOG mailing list
> > AusNOG at lists.ausnog.net
> > http://lists.ausnog.net/mailman/listinfo/ausnog
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20160528/e398bb08/attachment.html>


More information about the AusNOG mailing list