Consumer Grade - IPV6 Enabled Router Firewalls.

gordon b slater gordslater at ieee.org
Mon Dec 14 18:35:16 UTC 2009


On Mon, 2009-12-14 at 00:58 -0800, Owen DeLong wrote:
> However, UPnP is, at it's heart a way  
> to allow
> arbitrary unauthenticated applications the power to amend your security
> policy to their will.  Can you possibly explain any way in which such a
> thing is at all superior to no firewall at all?
> 
> I would argue that a firewall that can be reconfigured by any applet a  
> user
> clicks on (whether they know it or not) is actually less useful than no
> firewall because it creates the illusion in the users mind that there  
> is a
> firewall protecting them.

Well, for many years I've argued (since I read an early draft of the
proposal for uPnP ) that it really stood for
"Unstoppable-Peek-and-Poke".
It scares the hell outta me, full stop, way more than the users
themselves - and they scare me a lot anyways.

Seems a good time to ask while everyone's thinking about it:
I wonder if anyone actually has first-hand experience of any el-cheapo
plastic "home user" routers (say sub-50$US) that are worth a look at for
low-end system trials?  Zyxel maybe?  I see Andrews & Arnold (in the UK)
sell them and seem to rate them quite highly, yet the price is, frankly,
a giveaway. Any thoughts? 
Ignoring, of course, the sad and embarassing fact that much of the UK's
national telco backbone isn't v6 capable - a long (and buggy) story in
itself, once you start trying to implement practical v6 end-to-end )


Gord







More information about the NANOG mailing list