Re: IPV4 is nearly depleted, are you ready for IPV6?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 12/7/2010 1:13 PM, Les Mikesell wrote:
> On 12/7/10 11:10 AM, Bowie Bailey wrote:
>
>>> I have a route to his dsl router, which, assuming that the ipv4 and
>>> ipv6 firewalls are as good at allowing/disallowing access, makes his
>>> current ipv4 and his future ipv6 addresses equally accessible.
>> I've been following the NAT debate here and something occurred to me.
>>
>> If you have an IPv4 network with NAT, an attacker doesn't need to know
>> your internal IPs.  All he needs is the IP to your router.  NAT will
>> nicely forward his packets along to whichever internal computer handles
>> the port.
> What port/computer would that be?  Most consumer routers default to not 
> forwarding anything that is not related to prior outbound activity.

And is there any reason to believe that a consumer IPv6 router would
default any differently?  If nothing is being allowed through, there's
not much to be concerned about in either case.  Outside attacks are only
possible if the router/firewall allows the packets through.  I was
referring to a case where there are computers on the inside doing HTTP,
SSH, VPN, SMTP, etc.

If we are talking about a true consumer where there are no services on
the inside, then what does it matter whether the network is presented as
a NAT or a collection of different IP addresses?  If the firewall does
not allow any connections from the outside, who cares whether an
attacker knows your IP?

-- 
Bowie
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux