Default security functions on an IPv6 CPE
msmith at internode.com.au
Fri May 13 08:11:39 CEST 2011
> Either way you setup the CPE the ISP will get called.
> But, the users who got an open IPv6 firewall and as a result got
> their machine rooted, when their calls come in they will take a lot
> more time and be much more costly.
Have you or Doug read
RFC5157 - IPv6 Implications for Network Scanning
" A typical IPv6 subnet will have 64 bits reserved for host addressing.
In such a case, a remote attacker in principle needs to probe 2^64
addresses to determine if a particular open service is running on a
host in that subnet. At a very conservative one probe per second,
such a scan may take some 5 billion years to complete. A more rapid
probe will still be limited to (effectively) infinite time for the
whole address space."
Still think address scanning is going to be a useful technique under IPv6?
More information about the ipv6-ops