Default security functions on an IPv6 CPE

Rémi Després remi.despres at free.fr
Thu May 12 16:17:03 CEST 2011


On 12 May 2011 at 13:14, Mikael Abrahamsson wrote:

> On Thu, 12 May 2011, Rémi Després wrote:
> 
>> They don't ask for NAT compatibility for the simple reason that they don't know what a NAT is. (Users of Free haven't asked for anything like it.)
> 
> They also expect their NAS at home with no password, not to be reachable from the Internet (that's the conclusion I can draw from people being interviewed in the media who got their documents downloaded by someone who accessed their NAS which didn't have a password set).

You have a point if a common NAS product has by default:
- IPv6 enabled,
- no restriction on IPv6 client addresses. 
Is this the case?
(If yes, this is a serious security limitation of this product.)

To ensure backward compatibility, more reasonable default behaviors would be:
- IPv4-only, or 
- IPv6 enabled, but only for sources on the same link and/or at private addresses fc00::/7.

RD



> 
> -- 
> Mikael Abrahamsson    email: swmike at swm.pp.se
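
The default proposed in the message above (IPv6 enabled, but only for sources on the same link and/or in fc00::/7), sketched as a source-address check; this is an added example, not part of the original post and not code from any NAS product. The function name, the `onlink_prefixes` parameter, the verdict strings and the sample addresses are all assumptions made for illustration.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")          # private range named in the message
LINK_LOCAL = ipaddress.ip_network("fe80::/10")  # never routed, so always same-link


def classify_source(src, onlink_prefixes):
    """Return a verdict string for one client source address.

    onlink_prefixes: prefixes configured on the device's own interface
    (hypothetical parameter; a real device would read them from the OS).
    """
    try:
        # Drop a zone suffix such as "%eth0" before parsing.
        addr = ipaddress.ip_address(src.split("%", 1)[0])
    except ValueError:
        return "deny-invalid"
    # IPv4 clients on a dual-stack socket appear as ::ffff:a.b.c.d;
    # the IPv6 restriction discussed here does not decide their fate.
    if addr.version == 4 or addr.ipv4_mapped is not None:
        return "ipv4-not-covered"
    if addr in LINK_LOCAL:
        return "allow-link-local"
    for prefix in onlink_prefixes:
        if addr in ipaddress.ip_network(prefix):
            return "allow-on-link"
    if addr in ULA:
        return "allow-ula"
    # Anything else is a global source from beyond the local link.
    return "deny-off-link"


def demo():
    # Constructed sample: the device holds one documentation-range /64.
    onlink = ["2001:db8:1:2::/64"]
    samples = ["fe80::1%eth0", "2001:db8:1:2::50", "fd12:3456:789a::10",
               "2001:db8:ffff::1", "::ffff:192.0.2.7", "not-an-address"]
    return {s: classify_source(s, onlink) for s in samples}


if __name__ == "__main__":
    for src, verdict in demo().items():
        print(f"{src:22} {verdict}")
```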


