Default security functions on an IPv6 CPE
S.P.Zeidler
spz at serpens.de
Fri May 13 09:04:55 CEST 2011
Thus wrote Mark Smith (msmith at internode.com.au):
> > Either way you setup the CPE the ISP will get called.
> >
> > But, the users who got an open IPv6 firewall and as a result got
> > their machine rooted, when their calls come in they will take a lot
> > more time and be much more costly.
> >
>
> Have you or Doug read
>
> RFC5157 - IPv6 Implications for Network Scanning
[...]
> Still think address scanning is going to be a useful technique under IPv6?
As has been mentioned in this thread, you do not need to scan addresses
when you can harvest active addresses from connects to a hacked webserver
or even from blog comments (and a million other places).
Hiding in the forest only works when you don't move (ie, never use your
address outside your LAN).
regards,
spz
--
spz at serpens.de (S.P.Zeidler)
More information about the ipv6-ops
mailing list