Re: IPV4 is nearly depleted, are you ready for IPV6?




On 12/7/2010 11:36 AM, Tom H wrote:
>
> I have a route to his dsl router, which, assuming that the ipv4 and
> ipv6 firewalls are as good at allowing/disallowing access, makes his
> current ipv4 and his future ipv6 addresses equally accessible.

I've been following the NAT debate here and something occurred to me.

If you have an IPv4 network with NAT, an attacker doesn't need to know
your internal IPs.  All he needs is the IP to your router.  NAT will
nicely forward his packets along to whichever internal computer handles
the port.  With that one address, he can scan your entire network for
any services available to the Internet.

With an IPv6 network without NAT, an attacker would need to know the
specific IP of the computer he wants to attack.  There is no NAT to
forward along his SSH attack to the correct computer.  To scan your
network for vulnerabilities, he would have to scan every port on every
IP.  Even if he can come up with a list of the IPs that are in use, this
is still much more work than scanning a single (NATed) IP.

-- 
Bowie
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

