Default security functions on an IPv6 CPE

Gert Doering gert at
Fri May 6 21:21:32 CEST 2011


On Thu, May 05, 2011 at 11:46:12AM -0700, Doug Barton wrote:
> The whole "restore e2e" pipe dream needs to die. The naive user has been 
> conditioned by a lifetime of NAT that there should be no access from the 
> outside world allowed into his network without explicitly enabling it. 

The naive user should better learn that there is no security but proper
*host* security - his NAT at home won't protect him from a friend 
visiting with an infected laptop, or his own laptop being used in a 
public hotspot...

Nor will the NAT protect against what comprises most client PC incidents
these day - users having non-patched software on their systems and
clicking on things they shouldn't.

Welcome to 2011 :-)

Gert Doering
        -- NetMaster
did you enable IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279

More information about the ipv6-ops mailing list