CPE Residential IPv6 Security Poll

Benedikt Stockebrand bs at stepladder-it.com
Tue Sep 20 14:44:52 CEST 2016

Hi Ragnar and list,

as far as I can tell, little has changed at least in Germany since our
last discussion on this (except that I've since sobered up again:-)

I guess you won't be surprised that I still share the same opinion as

So far all I've consciously seen on consumer CPEs is "per default, allow
all outbound, block all inbound".  I'm not sure if there are any ultra
cheap CPEs out that don't even let users configure inbound rules, but
I've never had the need to deal with anything like that.

However, one rather interesting thing has changed here: Since August
this year, ISPs can by law no longer force their customers in Germany to
use the CPE they provide.  The implications here are yet to appear, but
one possible effect might be that the ISPs move away from the
all-features-you-never-wanted-plus-some-extra CPEs they so far forced on
their customers to minimalistic devices they can just manage via TR-069
or similar (reaching a setup similar ot the old NT1/NT2 split with ISDN
in Europe), eventually leaving the filtering to the end user again.

With business customers the range obviously goes from "consumer grade is
good enough so why use anything else" for small businesses to dark fiber
for customers running their own AS.



Benedikt Stockebrand,                   Stepladder IT Training+Consulting
Dipl.-Inform.                           http://www.stepladder-it.com/

          Business Grade IPv6 --- Consulting, Training, Projects

BIVBlog---Benedikt's IT Video Blog: http://www.stepladder-it.com/bivblog/

More information about the ipv6-ops mailing list