Is NAT can provide some kind of protection?

Leen Besselink leen at consolejunkie.net
Sun Jan 16 14:46:17 UTC 2011


On 01/15/2011 11:06 PM, Stephen Davis wrote:
>> I'm a full supported for getting rid of NAT when deploying IPv6, but
>> have to say the alternative is not all that great either.
>>
>> Because what do people want, they want privacy, so they use the
>> IPv6 privacy extensions. Which are enabled by default on Windows
>> when IPv6 is used on XP, Vista and 7.
>>
>> And now you have no idea who had that IPv6-address at some point
>> in time. The solution to that problem is ? I guess the only solution is to
>> have the IPv6 equivalant of arpwatch to log the MAC-addresses/IPv6-
>> address combinations ?
>>
>> Or is their an other solution I'm missing.
> You can solve this problem any of the ways you could solve it in IPv4.
> Either assign static addresses from DHCPv6, or assign static addresses
> by hand.
If you like privacy, you don't need to even have static from DHCPv6,
you could have a new address every day (if you turn off your machine
daily).

Everything else can just query DNS for the address.





More information about the NANOG mailing list