question regarding over the counter devices
bjorn at mork.no
Wed Mar 1 10:03:48 CET 2017
Mikael Abrahamsson <swmike at swm.pp.se> writes:
> I just had a discussion with people from an ISP in the process of
> implementing IPv6. They were afraid of turning on IPv6 for customers
> who had purchased their own routers themselves, because these routers
> might not have IPv6 firewalling on by default, thus exposing customers
> who used to be "protected" by IPv4 NAT, to now be exposed with
> unfirewalled IPv6.
As an ISP: If you don't manage the CPE, should you even care?
yes, yes, being nice is good. But this is an impossible task. There is
no way you can make assumptions about the security of any unmanaged CPE,
with or without IPv6.
If you care about the security of arbitrary customer owned devices, then
you should probably start by disabling IPv4.
More information about the ipv6-ops