> the key difference is that it may be possible to circumvent IPv4 > filters by using IPv4 mapped address (= IPv6 address like > ::ffff:1.2.3.4). the problem is in additional complexity due to > the interaction between IPv4 packet and IPv6 API/packet. I'll give you that there is some additional complexity, but I don't think that addresses in ::ffff:0:0/96 should cause too much trouble, because they were previously bogons. In general, when ever a new protocol is enabled on a network, firewalls, IDSs, and other security devices need to be upgraded (or reconfigured) to support it. Maybe I'm missing something, but I don't see whats so different about using mapped IPv4 addresses on the wire, especially since your bogon filters should already be dropping any use.
Attachment:
signature.asc
Description: This is a digitally signed message part
