question regarding over the counter devices

Mikael Abrahamsson swmike at
Wed Mar 1 10:11:01 CET 2017

On Wed, 1 Mar 2017, Bjørn Mork wrote:

> As an ISP: If you don't manage the CPE, should you even care?

That is good question. In Sweden ISPs have gotten in trouble historically 
for not filtering stuff and customers files were exposed. For instance 
when ETTH had people plug their computers directly into the ETTH RJ45 jack 
(12-15 years ago), had no-password SMB shares on their computers, and 
there was no broadcast filtering on the LAN. Then they could "see" other 
users SMB shares and access them, and this made the papers as "unsecure". 
This was blamed on ISPs, not users.

So when IPv6 now comes along, ISPs are scared that users might have 
no-firewall IPv6 devices, so when IPv6 is enabled all of a sudden lots of 
unsecured devices are then reachable from the Internet, devices that were 
configured in that way because before NAT "protected" them.

> yes, yes, being nice is good.  But this is an impossible task.  There is
> no way you can make assumptions about the security of any unmanaged CPE,
> with or without IPv6.

I tend to agree, but I can also understand why an ISP might hesitate in 
this case.

Mikael Abrahamsson    email: swmike at

More information about the ipv6-ops mailing list