Default security functions on an IPv6 CPE
S.P.Zeidler
spz at serpens.de
Sun Jun 5 12:13:39 CEST 2011
Hi Nick,
Thus wrote Nick Hilliard (nick at foobar.org):
> On 02/06/2011 18:23, S.P.Zeidler wrote:
> >FTP is just a rather well know example of the class of problem;
> >for ftp itself, PASV exists so it's rarely an issue any more.
>
> PASV just shifts the problem from one side of the link to the other.
> It doesn't actually solve anything.
I think you lost me there. It does make it so you have the server always
be the entity that listens and the client always be the entity that
originates connections, right? Thus coping with the standard NAPT problem
that only one side can create a NAT table entry and thus enable
communication across it.
What problem are you referring to?
regards,
spz
--
spz at serpens.de (S.P.Zeidler)
More information about the ipv6-ops
mailing list