Re: IPV4 is nearly depleted, are you ready for IPV6?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Tue, 2010-12-07 at 10:01 -0600, Les Mikesell wrote: 
> On 12/7/10 9:07 AM, Adam Tauno Williams wrote:
> > site-local addresses are officially deprecated.
> > If you want a device to only be available locally - block the traffic
> > to/from that device.
> So security will depend on every connection owner having a high level of 
> knowledge about ipv6 internals?  

Yes.  Exactly like IPv4! (given that network security professionals have
existed for a long time)

Install a stateful firewall just like with IPv4!  Stateful firewalls
being things created by people "having a high level of knowledge
about ... internals".

Problem solved [for 99.44% of the population], just like IPv4!

And to add a nice sprinkling of obscurity - every time your computer
reboots [or interface resets] it generates a different ["random"] IPv6
address within your *HUGE* subnet.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux