Default security functions on an IPv6 CPE

S.P.Zeidler spz at serpens.de
Fri May 13 09:04:55 CEST 2011


Thus wrote Mark Smith (msmith at internode.com.au):

> > Either way you setup the CPE the ISP will get called.
> > 
> > But, the users who got an open IPv6 firewall and as a result got
> > their machine rooted, when their calls come in they will take a lot
> > more time and be much more costly.
> > 
> 
> Have you or Doug read
> 
> RFC5157 - IPv6 Implications for Network Scanning
[...]
> Still think address scanning is going to be a useful technique under IPv6?

As has been mentioned in this thread, you do not need to scan addresses
when you can harvest active addresses from connects to a hacked webserver
or even from blog comments (and a million other places).

Hiding in the forest only works when you don't move (ie, never use your
address outside your LAN).

regards,
	spz
-- 
spz at serpens.de (S.P.Zeidler)


More information about the ipv6-ops mailing list