[GRLUG] IPv6: My views

Adam Tauno Williams awilliam at whitemice.org
Fri Jun 8 16:29:50 EDT 2012


On Fri, 2012-06-08 at 15:25 -0500, L. V. Lammert wrote: 
> > On Fri, 2012-06-08 at 16:02 -0400, detrix42 at gmail.com wrote:
> > > Hello everyone.  About three months ago I look around to see if there
> > > were any IPv6 ready home routers.
> > No, it is *NOT* a security issue.  It is *NOT* a security issue.
> Sorry, that is very shortsighted and elitist! 

Yes, truth can be that way.

> If you have public ports
> that need to transit the 'boundary', then fine, a firewall is required.

No, a firewall is always required.

> However, for 99% of the SOHO/Home users, NAT is EXTREMELY valuable
> security,

No, it adds nothing at all to their security.

BLOCK ALL INGRESS.
PERMIT STATEFUL EGRESS.

Done, secure, and with far fewer caveats than [ NAT + IPv4 w /
protocol_specific_hacks + hopeless_broken_multicast ].

> something that protects against a significant number of threats.

NAT does not protect you.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://shinobu.grlug.org/pipermail/grlug/attachments/20120608/5f143324/attachment.pgp>


More information about the grlug mailing list