[AusNOG] Default IPv6 Local Only Addressing for Non-Internet Devices

Beeson, Ayden abeeson at csu.edu.au
Wed Oct 16 16:23:10 EST 2019


That’s a bit of a stretch isn’t it though for a general use case.

It’s pretty simple to

  1.  Not enable remote printing from another subnet / the internet by default
  2.  Not allow printing without proper auth, especially remotely
  3.  Not allow incoming connections through a router without some config, thus making a and b moot points anyway. (stateful outbound only firewalling on IPv6 should be a default feature in my opinion, replicating the “protections” that NAT gives regular users now without them needing to do anything)

Anything that pulls things off IPv6 global addresses by default is a huge mistake from my POV and will only cause confusion and support issues later on. An option you can turn on if you know what you are doing is fine.

Cheers,
Ayden


From: AusNOG <ausnog-bounces at lists.ausnog.net> on behalf of Mark Smith <markzzzsmith at gmail.com>
Date: Wednesday, 16 October 2019 at 3:36 pm
To: James Hodgkinson <yaleman at ricetek.net>
Cc: "<ausnog at lists.ausnog.net>" <ausnog at lists.ausnog.net>, Paul Brooks <pbrooks-ausnog at layer10.com.au>
Subject: Re: [AusNOG] Default IPv6 Local Only Addressing for Non-Internet Devices


On Wed, 16 Oct 2019, 13:21 James Hodgkinson, <yaleman at ricetek.net<mailto:yaleman at ricetek.net>> wrote:
I could see it as being a great option, but making it a default would be a support nightmare.

"but grandma's printer works from anywhere, why doesn't mine?"

How often have you heard of or seen anybody print something remotely from their home over the Internet, let alone a grandmother?

There's actually a fire risk of printing remotely. The paper can jamb and then contact hot parts in the printer.


lp0 on fire
https://en.m.wikipedia.org/wiki/Lp0_on_fire<http://antispam.csu.edu.au:32224/?dmVyPTEuMDAxJiYwY2QyYjg0ZWY1MDgzNGUzZT01REE2OUUzRl81OTA1OV8xMjU2OV8xJiZkNzQwNDEyOTM4NzI5ZGY9MTMzMyYmdXJsPWh0dHBzJTNBJTJGJTJGZW4lMkVtJTJFd2lraXBlZGlhJTJFb3JnJTJGd2lraSUyRkxwMCU1Rm9uJTVGZmlyZQ==>



"Printers Can Be Hacked to Catch Fire"

https://www.scientificamerican.com/article/printers-can-be-hacked-to-catch-fire/<http://antispam.csu.edu.au:32224/?dmVyPTEuMDAxJiYwZWQyYmEwMWY3MWYyMWE1Zj01REE2OUUzRl81OTA1OV8xMjU2OV8xJiY5N2MwMTU1ZGZhNDM0YzA9MTMzMyYmdXJsPWh0dHBzJTNBJTJGJTJGd3d3JTJFc2NpZW50aWZpY2FtZXJpY2FuJTJFY29tJTJGYXJ0aWNsZSUyRnByaW50ZXJzLWNhbi1iZS1oYWNrZWQtdG8tY2F0Y2gtZmlyZSUyRg==>



James

On Wed, 16 Oct 2019, at 12:06, Paul Brooks wrote:
> On 15/10/2019 2:33 pm, Mark Smith wrote:
> > I recently bought an IPv6 enabled Wifi printer. As it is attached to
> > my single Wifi SSID it is configuring itself with IPv6 global
> > addresses, even though I don't need it to be reachable from the
> > Internet or able to reach the Internet. (It would be relatively hard
> > to find from the Internet anyway with /64 prefix, and there is an IPv6
> > firewall in front if it).
> >
> > I think it would be better for these types of "Non-Internet' devices
> > not to configure themselves with global IPv6 addresses by default.
>
> It probably checks back to home base for firmware updates, and
> downloads firmware
> updates direct from the manufacturer - it will need a global address
> for that.
>
> It probably has a function (that may or may not be enabled by default)
> to register
> with an external rendezvous site to enable you to print to it from
> outside your home
> network, or via an app or plugin from a mobile device - it will need a
> global address
> for that (and many would want to block that from happening).
>
> *you* may not want it to be Internet-reachable, but sure as eggs the printer
> manufacturer considers external connectivity an essential and major ease-of-use
> feature, so good luck with that!
>
> Paul
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
> http://lists.ausnog.net/mailman/listinfo/ausnog<http://antispam.csu.edu.au:32224/?dmVyPTEuMDAxJiY0NmQ1YmMxNGI1MTczMmE1Zj01REE2OUUzRl81OTA1OV8xMjU2OV8xJiY2NzAwZTE1OTNhNzMwOWM9MTMzMyYmdXJsPWh0dHAlM0ElMkYlMkZsaXN0cyUyRWF1c25vZyUyRW5ldCUyRm1haWxtYW4lMkZsaXN0aW5mbyUyRmF1c25vZw==>
>
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/aus<http://antispam.csu.edu.au:32224/?dmVyPTEuMDAxJiY0NmQ1YmMxNGI1MTczMmE1Zj01REE2OUUzRl81OTA1OV8xMjU2OV8xJiY2NzAwZTE1OTNhNzMwOWM9MTMzMyYmdXJsPWh0dHAlM0ElMkYlMkZsaXN0cyUyRWF1c25vZyUyRW5ldCUyRm1haWxtYW4lMkZsaXN0aW5mbyUyRmF1c25vZw==>


More information about the AusNOG mailing list