v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Thu Feb 5 11:19:59 CST 2009


On Thu, 05 Feb 2009 08:24:16 PST, Roger Marquis said:

> Can you site a reference? Can you substantiate "lots"?  I didn't think so.
> This is yet another case the rhetoric gets a little over the top, leading
> those of us who were doing this before NAT to suspect a non-technical
> agenda.

Some estimates say that Conficker has nailed over 9 to 16 million systems by
now. Every single one was because somebody didn't apply a patch that came
out back in October.

I'm sure at least some of these were because of either:

a) "I'm Joe Sixpack, and I'm safe because I'm behind my cablemodem"
b) "I'm Joe McSE (want fries with that?), and I'm safe because of the corporate
firewall".

(Note that due to its design, Conficker *can't* spread through a properly
configured firewall - almost by definition, *every single* firewalled network
that got hit was because somebody forgot the difference between "firewall" and
"security perimeter".

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20090205/2a9281ef/attachment.bin>


More information about the NANOG mailing list