question regarding over the counter devices
Mikael Abrahamsson
swmike at swm.pp.se
Wed Mar 1 10:11:01 CET 2017
On Wed, 1 Mar 2017, Bjørn Mork wrote:
> As an ISP: If you don't manage the CPE, should you even care?
That is good question. In Sweden ISPs have gotten in trouble historically
for not filtering stuff and customers files were exposed. For instance
when ETTH had people plug their computers directly into the ETTH RJ45 jack
(12-15 years ago), had no-password SMB shares on their computers, and
there was no broadcast filtering on the LAN. Then they could "see" other
users SMB shares and access them, and this made the papers as "unsecure".
This was blamed on ISPs, not users.
So when IPv6 now comes along, ISPs are scared that users might have
no-firewall IPv6 devices, so when IPv6 is enabled all of a sudden lots of
unsecured devices are then reachable from the Internet, devices that were
configured in that way because before NAT "protected" them.
> yes, yes, being nice is good. But this is an impossible task. There is
> no way you can make assumptions about the security of any unmanaged CPE,
> with or without IPv6.
I tend to agree, but I can also understand why an ISP might hesitate in
this case.
--
Mikael Abrahamsson email: swmike at swm.pp.se
More information about the ipv6-ops
mailing list