Re: IPV4 is nearly depleted, are you ready for IPV6?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Mon, 2010-12-06 at 18:28 -0500, Bob McConnell wrote: 
> > IPv6 is not broken by design. NAT was implemented to extend the time
> > until IPv4 exhaustion. A side effect was hiding the internal IPv4
> > address, which complicates a number of protocols like FTP and SIP. The
> > only downside I see is ISPs could try and charge based on the number
> > of IPv6 addresses being used.
> No, the downside is that each address used will be exposed to the world.

False.  That is *NOT* a downside.

NAT is *NOT* a magic sauce - install a firewall [which you probably
already have].  Problem solved.

> I consider that a serious security flaw. 

It is not.

> Having my ISP know how many 
> computers I have is a minor issue covered by the contract I have with 
> them. 

So you want to cheap on the legal contract you agreed to?

> But having all of those addresses exposed to Russian mobsters, 
> terrorists, crackers and everyone else that knows how to capture packets 
> is another matter altogether. If IPv6 exposes that information to the 
> world, it is definitely unsafe to use.

The "Russian mobsters" can already do that; if you think NAT is
protecting you from that then you are mistaken.


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux