IPv6 Firewall on CPEs - Default on or off

Nick Hilliard nick at foobar.org
Mon Nov 26 19:17:03 CET 2012

On 26/11/2012 17:35, Doug Barton wrote:
> 1. Customers have the expectation that there will be "protection" at the
> router, even if they can't articulate what/why.
> 2. The fact that there is little/no exploitation of inbound v6 by
> attackers currently does not mean that there will not be any in the
> future. In fact, the opposite is true. As v6 deployments become more
> popular, with firewalls default off, that will become a more popular
> attack vector.
> 3. If v6 develops the reputation of being a security vulnerability it
> will be devastating to long-term deployment.

Although i hate "me too" emails, I'm completely with Doug on this one.

As operations people we have a general requirement to make sensible
recommendations for non technical people.  What's good for us (not much
firewalling) is probably not a good idea for granny, her unpatched version
of vista and the unmaintained router underneath the telephone table with a
trash default password.


More information about the ipv6-ops mailing list