CPE Residential IPv6 Security Poll

JORDI PALET MARTINEZ jordi.palet at consulintel.es
Tue Sep 20 15:49:08 CEST 2016

No, didn’t included anything about security, unfortunately (now I realize having missed it !) I will consider upgrading the actual questions or making a specific one related to security …

I’ve got already over 1.100 responses, and I’m waiting for Korean ISPs to start responding … I think is the only country which didn’t responded at all.

I did a quick presentation about the data both in the last v6ops and IEPG meetings. Will do a new presentation at the next LACNIC meeting and hopefully at the next RIPE one.


-----Mensaje original-----
De: <ipv6-ops-bounces+jordi.palet=consulintel.es at lists.cluenet.de> en nombre de Tim Chown <Tim.Chown at jisc.ac.uk>
Responder a: <Tim.Chown at jisc.ac.uk>
Fecha: martes, 20 de septiembre de 2016, 14:50
Para: Benedikt Stockebrand <bs at stepladder-it.com>, Jordi Palet Martinez <jordi.palet at consulintel.es>
CC: IPv6 Ops list <ipv6-ops at lists.cluenet.de>, "Anfinsen, Ragnar" <Ragnar.Anfinsen at altibox.no>
Asunto: Re: CPE Residential IPv6 Security Poll

    Was this one of the questions asked in Jordi’s survey?  I’m not sure I’ve seen the results published as yet, but he got a fantastic level of response (over 200 iirc)… Jordi? :)
    > On 20 Sep 2016, at 13:44, Benedikt Stockebrand <bs at stepladder-it.com> wrote:
    > Hi Ragnar and list,
    > as far as I can tell, little has changed at least in Germany since our
    > last discussion on this (except that I've since sobered up again:-)
    > I guess you won't be surprised that I still share the same opinion as
    > Ted:-)
    > So far all I've consciously seen on consumer CPEs is "per default, allow
    > all outbound, block all inbound".  I'm not sure if there are any ultra
    > cheap CPEs out that don't even let users configure inbound rules, but
    > I've never had the need to deal with anything like that.
    > However, one rather interesting thing has changed here: Since August
    > this year, ISPs can by law no longer force their customers in Germany to
    > use the CPE they provide.  The implications here are yet to appear, but
    > one possible effect might be that the ISPs move away from the
    > all-features-you-never-wanted-plus-some-extra CPEs they so far forced on
    > their customers to minimalistic devices they can just manage via TR-069
    > or similar (reaching a setup similar ot the old NT1/NT2 split with ISDN
    > in Europe), eventually leaving the filtering to the end user again.
    > With business customers the range obviously goes from "consumer grade is
    > good enough so why use anything else" for small businesses to dark fiber
    > for customers running their own AS.
    > Cheers,
    >    Benedikt
    > -- 
    > Benedikt Stockebrand,                   Stepladder IT Training+Consulting
    > Dipl.-Inform.                           http://www.stepladder-it.com/
    >          Business Grade IPv6 --- Consulting, Training, Projects
    > BIVBlog---Benedikt's IT Video Blog: http://www.stepladder-it.com/bivblog/

More information about the ipv6-ops mailing list