A challenge (was Re: Default security functions on an IPv6 CPE)
S.P.Zeidler
spz at serpens.de
Thu May 19 08:24:02 CEST 2011
Thus wrote Mark Smith (nanog at 85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org):
> The part of the threat model that people are using to justify IPv6 CPE
> firewalling is invalid, because it is based on the invalid assumptions
> that:
>
> o IPv6's address space is the same size as IPv4's
[...]
> o that inbound unsolicited address scanning is the most likely attack
> vector.
No. There are other ways to get at addresses but scanning, as has been
mentioned several times. I do not agree with Ted on just shutting down
inbound completely, but -this- is a strawman, and I dislike fud.
regards,
spz
--
spz at serpens.de (S.P.Zeidler)
More information about the ipv6-ops
mailing list