Microsoft: Give Xbox One users IPv6 connectivity

Jakob Hirsch jh at plonk.de
Fri Mar 14 01:10:22 CET 2014


On 13.03.2014 20:12, Eric Vyncke (evyncke) wrote:
> I still wonder why people REALLY believe in the security of NAT (in the
> sense of blocking inbound connections) in 2014 while most of the botnet
> members are behind a NAT...

I really don't know what this has to do with Teredo or IPv6, but well...

Blocking inbound connections will save your host from remote exploits of
its network services, but not from getting infected by malicious
websites or email attachments. This is out of the scope of the common
RG. And this has nothing to do with AVM, Technicolor or any other RG
manufacturer, last time I checked Cisco RGs did just the same.

> Christopher and others => you are RIGHT! Do not change your mind

Right about _what_? You provided not a single reason for the described
behaviour, i.e. the missing fallback to native IPv6.

> -éric (see also 
> http://tools.ietf.org/html/draft-ietf-v6ops-balanced-ipv6-security-01 for
> my point of view :-))

I liked especially this section "5.  Security Considerations" where it
says "The policy addresses the major concerns related to the loss of
stateful filtering imposed by IPV4 NAPT when enabling public globally
reachable IPv6 in the home." and "This set of rules cannot help with the
following attacks: [...] Malware which is fetched by inside hosts on a
hostile web site (which is in 2013 the majority of infection sources)."

This approach seems a little too bold to me, and the lack of incidents
may just be caused by the lack of attacks via IPv6, but if it works for
Swisscom, good for them.


Jakob

