IPv6 Firewall on CPEs - Default on or off

Anfinsen, Ragnar Ragnar.Anfinsen at altibox.no
Mon Nov 26 20:29:16 CET 2012


On 26.11.12 18:35, "Doug Barton" <dougb at dougbarton.us> wrote:


>1. Customers have the expectation that there will be "protection" at the
>router, even if they can't articulate what/why.
>2. The fact that there is little/no exploitation of inbound v6 by
>attackers currently does not mean that there will not be any in the
>future. In fact, the opposite is true. As v6 deployments become more
>popular, with firewalls default off, that will become a more popular
>attack vector.
>3. If v6 develops the reputation of being a security vulnerability it
>will be devastating to long-term deployment.
>
>The answer to UPnP not supporting v6 properly is to fix it, not to
>pretend it isn't necessary.

Great against arguments, thanks.

/Ragnar




More information about the ipv6-ops mailing list