Default security functions on an IPv6 CPE
Rémi Després
remi.despres at free.fr
Thu May 12 16:17:03 CEST 2011
Le 12 mai 2011 à 13:14, Mikael Abrahamsson a écrit :
> On Thu, 12 May 2011, Rémi Després wrote:
>
>> They don't ask for NAT compatibility for the simple reason that they don't know what a NAT is. (User's of Free haven't asked for anything like it.)
>
> They also expect their NAS at home with no password, not to be reachable from the Internet (that's the conclusion I can draw from people being interviewed in the media who got their documents downloaded by someone who accessed their NAS which didn't have a password set).
You have a point if a common NAS product has by default:
- IPv6 enabled,
- no restriction on IPv6 client addresses.
Is this the case?
(If yes, this is a serious security limitation of this product.)
To ensure backward compatibility, more reasonable default behaviors would be:
- IPv4-only, or
- IPv6 enabled, but only for sources on the same link and/or at private addresses fc00::/7.
RD
>
> --
> Mikael Abrahamsson email: swmike at swm.pp.se
More information about the ipv6-ops
mailing list