Re: IPV4 is nearly depleted, are you ready for IPV6?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 8/12/10 4:12 AM, David Sommerseth wrote:
> On 07/12/10 16:49, Bob McConnell wrote:
>>
>> No, it is not FUD, it is a real concern by people with much to lose. 
>> Those of you evangelizing this new, and still unproven technology can't 
>> seem to recognize this simple fact.
> 
> This is FUD. 

Agreed, but I'm not adding more to the pro-IPv6 chorus, because it's
already being covered very well, both here and on NANOG (and
ipv6-ops).

> And due to the enormous address space IPv6 gives each single site,
> doing a brute-force attack against more IP addresses will be a
> never-ending story.  Try to double 4.294.967.296 32 times, and
> you'll have the number of addresses available *only to you* in *one*
> /64 subnet.

Anyone wanting a nice clear explanation of the numbers of IPv6 address
space:

http://www.ripe.net/info/info-services/addressing.html

> If you then even introduce IPv6 Privacy Extensions, which will
> randomise and change the IPv6 address regularly, an attacker will
> shoot at a moving target.  Then put this "moving target" behind a
> firewall which doesn't provide access from the outside to the inside
> (only from inside to outside), and the attacker will not know if he
> hits or not.

This coupled with statefull firewalling should cover everyone's needs.

No doubt there will still be people like Bob who will remain
unconvinced until everyone around them become the proof.  If they
really want to deliberately break things to retain their NAT-like
world, they can configure a single box with 6to4 and 4to6, give it a
/128 and then run their existing v4 NAT space behind that.  They'll
get very little sympathy when it breaks other things, though.


Regards,
Ben

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux