Re: IPV4 is nearly depleted, are you ready for IPV6?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Tue, Dec 7, 2010 at 10:29 AM, Bob McConnell <rmcconne@xxxxxxxxxxxxx> wrote:
> Adam Tauno Williams wrote:
>> On Mon, 2010-12-06 at 18:28 -0500, Bob McConnell wrote:
>>>> IPv6 is not broken by design. NAT was implemented to extend the time
>>>> until IPv4 exhaustion. A side effect was hiding the internal IPv4
>>>> address, which complicates a number of protocols like FTP and SIP. The
>>>> only downside I see is ISPs could try and charge based on the number
>>>> of IPv6 addresses being used.
>>> No, the downside is that each address used will be exposed to the world.
>>
>> False.  That is *NOT* a downside.
>>
>> NAT is *NOT* a magic sauce - install a firewall [which you probably
>> already have].  Problem solved.
>>
>>> I consider that a serious security flaw.
>>
>> It is not.
>>
>>> Having my ISP know how many
>>> computers I have is a minor issue covered by the contract I have with
>>> them.
>>
>> So you want to cheap on the legal contract you agreed to?
>
> No, if they want too much money before I can install additional
> computers, I have several other choices, some of which will likely be
> less expensive. Currently, their TOS is not an issue.
>
>>> But having all of those addresses exposed to Russian mobsters,
>>> terrorists, crackers and everyone else that knows how to capture packets
>>> is another matter altogether. If IPv6 exposes that information to the
>>> world, it is definitely unsafe to use.
>>
>> The "Russian mobsters" can already do that; if you think NAT is
>> protecting you from that then you are mistaken.
>
> NAT hides the IP addresses of the computers inside my firewall. The only
> address exposed is the temporary address assigned to the firewall
> itself. That box can be run on the most secure OS I can find (currently
> one of the BSD's), and allows me to operate other systems behind it that
> aren't as well protected. This makes it significantly more difficult for
> those mobsters to penetrate my network.

Is 172.16.10.72 a private address of yours or of your ISP?
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux