Default security functions on an IPv6 CPE

S.P.Zeidler spz at
Fri May 13 09:04:55 CEST 2011

Thus wrote Mark Smith (msmith at

> > Either way you setup the CPE the ISP will get called.
> > 
> > But, the users who got an open IPv6 firewall and as a result got
> > their machine rooted, when their calls come in they will take a lot
> > more time and be much more costly.
> > 
> Have you or Doug read
> RFC5157 - IPv6 Implications for Network Scanning
> Still think address scanning is going to be a useful technique under IPv6?

As has been mentioned in this thread, you do not need to scan addresses
when you can harvest active addresses from connects to a hacked webserver
or even from blog comments (and a million other places).

Hiding in the forest only works when you don't move (ie, never use your
address outside your LAN).

spz at (S.P.Zeidler)

More information about the ipv6-ops mailing list