Last Chance Rush -- was "Five Security Flaws in IPv6"
Iljitsch van Beijnum
iljitsch at muada.com
Mon May 14 16:32:08 CEST 2007
On 14-mei-2007, at 15:37, Tim Chown wrote:
> ALGs do a nice job today.
ALGs are one of the main reasons why NAT is evil...
> If you plopped a v6 only device on our dual-stack network here
> today it
> could talk via v6 to DNS, MXs, web cache, etc that can relay to v4
> networks... those are the typical v4 legacy apps (mail and web
> browsing)
The interesting thing is that exactly mail and web are the
applications that have the best IPv6 support today.
BTW, after yesterday's discussion I decided to see what happened if I
turned off IPv4 on my Mac. My mailserver does v6 and I've set up an
HTTP/HTTPS proxy that takes care of pretty much everything else. So
far, the only real problem I have is that I can't use iChat or
another chat application, even though iChat will use a proxy for AIM
and do Jabber over IPv6 when there is IPv4 connectivity. Apparently,
the app uses its own logic to determine if there is connectivity and
this is a bit too aggressive. Most other apps can be fooled by having
127.0.0.1 as an extra DNS resolver in addition to the v6 ones that do
the actual work.
> while we might expetc v6 to be used for more interesting p2p apps
> (e.g.
> see how better BitTorrent works with no NAT) between SOHO type
> systems.
I would love to see BitTorrent over v6. Are there servers (trackers)
and clients, and any stuff available over v6?
Iljitsch
More information about the ipv6-ops
mailing list