Only 5x IPv4 /8 remaining at IANA

Henning Brauer hb-nanog at bsws.de
Mon Oct 18 13:19:04 CDT 2010


* Owen DeLong <owen at delong.com> [2010-10-18 18:29]:
> The good news is that stateful inspection doesn't go away in IPv6.

that is right.

> It works just fine. All that goes away is the header mangling.

that is partially true. it can work just fine, but all the bloat in v6
makes it way harder to implement the state tracking than it should be.

> It's really unfortunate that most people don't understand the distinction.
> If they did, it would help them to realize that NAT doesn't actually do
> anything for security, it just helps with address conservation (although
> it has some limits there, as well).

right.

> IPv6 with SI is no less secure than IPv4 with SI+NAT.

well, it is. the extension headers are horrible. the v4 mapping horror
is an insane trap, too. link-local is the most horrid concept ever.
all hail 160 bit addresses.

all that leads to bugs in the implementations (while the bugs are
really in the specification, I'd claim).

the RH0 disaster was just the beginning.

-- 
Henning Brauer, hb at bsws.de, henning at openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
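
The extension-header point from the message above, as an added example that is not part of the original post: before a stateful filter can key state on ports it has to walk the IPv6 header chain, whose length encoding differs by header type. The function name, the verdict strings, the policy of dropping RH0 and v4-mapped addresses seen on the wire, and the sample packets are all assumptions constructed for this illustration.

```python
import struct

# Extension headers a stateful filter must skip to reach the transport header.
HOP, ROUTING, FRAGMENT, AH, DSTOPTS = 0, 43, 44, 51, 60
V4MAPPED = bytes(10) + b"\xff\xff"          # ::ffff:0:0/96

def classify(pkt: bytes):
    """Return (verdict, upper_proto, offset, reasons) for one IPv6 packet."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return ("drop", None, None, ["not a complete IPv6 header"])
    reasons = []
    if V4MAPPED in (pkt[8:20], pkt[24:36]):  # source / destination prefix
        reasons.append("v4-mapped address on the wire")
    nxt, off = pkt[6], 40
    while nxt in (HOP, ROUTING, FRAGMENT, AH, DSTOPTS):
        if off + 8 > len(pkt):
            return ("drop", None, None, reasons + ["truncated header chain"])
        if nxt == ROUTING and pkt[off + 2] == 0:
            reasons.append("RH0 (deprecated by RFC 5095)")
        if nxt == FRAGMENT:
            hlen = 8                         # fixed size, no length field
            if struct.unpack_from("!H", pkt, off + 2)[0] >> 3:
                # Non-first fragment: the transport header is elsewhere.
                return ("reassemble", None, None, reasons + ["non-first fragment"])
        elif nxt == AH:
            hlen = (pkt[off + 1] + 2) * 4    # AH counts 32-bit words
        else:
            hlen = (pkt[off + 1] + 1) * 8    # the rest count 8-byte units
        nxt, off = pkt[off], off + hlen
    if off > len(pkt):
        return ("drop", None, None, reasons + ["truncated header chain"])
    return ("drop" if reasons else "track", nxt, off, reasons)

def ipv6(nxt, payload, src=b"\x20\x01\x0d\xb8" + bytes(11) + b"\x01",
         dst=b"\x20\x01\x0d\xb8" + bytes(11) + b"\x02"):
    """Build a constructed test packet (documentation prefix 2001:db8::/32)."""
    return struct.pack("!IHBB", 6 << 28, len(payload), nxt, 64) + src + dst + payload

TCP = bytes(20)                              # constructed placeholder TCP header
SAMPLES = {                                  # all packets below are constructed
    "plain": ipv6(6, TCP),
    "hbh+dstopts": ipv6(HOP, bytes([DSTOPTS, 0]) + bytes(6) + bytes([6, 0]) + bytes(6) + TCP),
    "rh0": ipv6(ROUTING, bytes([6, 2, 0, 1]) + bytes(20) + TCP),
    "late-frag": ipv6(FRAGMENT, bytes([6, 0]) + struct.pack("!HI", 185 << 3, 7) + b"data"),
    "mapped": ipv6(6, TCP, src=V4MAPPED + bytes([192, 0, 2, 1])),
}
if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, classify(pkt))
```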



