IPv6 uptake (was: The Reg does 240/4)
William Herrin
bill at herrin.us
Sat Feb 17 01:30:38 UTC 2024
On Fri, Feb 16, 2024 at 5:22 PM Michael Thomas <mike at mtcc.com> wrote:
> On 2/16/24 5:05 PM, William Herrin wrote:
> > Now, I make a mistake on my firewall. I insert a rule intended to
> > allow packets outbound from 2602:815:6001::4 but I fat-finger it and
> > so it allows them inbound to that address instead. Someone tries to
> > telnet to 2602:815:6001::4. What happens? Hacked.
>
> Yes, but if the DHCP database has a mistake it's pretty much the same
> situation since it could be numbered with a public address.

Um. No. You'd have to make multiple mistakes cross-contaminating your
public and private ethernet segments yet somehow without completely
breaking your network rendering it inoperable.

> NAT is not without its own set of problems,

NAT's problems are legion. But the question was whether and how NAT
improves the security of a network employing it.

Regards,
Bill Herrin
--
William Herrin
bill at herrin.us
https://bill.herrin.us/
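
Added example, not part of the original post or of any participant's words: a small Python model of the scenario debated in this thread. It compares a one-rule direction typo protecting a publicly addressed host with the same typo behind a NAT that has no translation entry. The rule format, the NAT table, the port-forward entry and every address other than 2602:815:6001::4 are constructed assumptions.

```python
import ipaddress

def matches(rule, pkt):
    """True if every address constraint present in the rule matches the packet."""
    for field in ("src", "dst"):
        net = rule.get(field)
        if net and ipaddress.ip_address(pkt[field]) not in ipaddress.ip_network(net):
            return False
    return True

def verdict(rules, pkt):
    """First matching rule wins; anything unmatched hits the default drop."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"]
    return "drop"

def unsolicited_inbound_reaches(rules, pkt, nat_table=None):
    """Does a new inbound packet (no existing connection state) reach a host?

    nat_table maps (public_ip, port) -> private_ip; None means no NAT in the path.
    """
    if nat_table is not None:
        inside = nat_table.get((pkt["dst"], pkt["dport"]))
        if inside is None:
            return False  # no translation entry: the NAT has nowhere to forward it
        pkt = dict(pkt, dst=inside)
    return verdict(rules, pkt) == "accept"

# Publicly addressed host (address taken from the thread).
HOST6 = "2602:815:6001::4"
INTENDED6 = [{"src": HOST6 + "/128", "action": "accept"}]  # allow outbound from host
TYPO6 = [{"dst": HOST6 + "/128", "action": "accept"}]      # direction flipped
TELNET6 = {"src": "2001:db8::bad", "dst": HOST6, "dport": 23}  # constructed packet

# Same typo with a privately addressed host behind NAT (constructed addresses).
HOST4, NAT_PUBLIC = "192.168.1.4", "203.0.113.1"
TYPO4 = [{"dst": HOST4 + "/32", "action": "accept"}]
TELNET4 = {"src": "198.51.100.7", "dst": NAT_PUBLIC, "dport": 23}
PORT_FORWARD = {(NAT_PUBLIC, 23): HOST4}  # a second, separate misconfiguration

if __name__ == "__main__":
    print("v6 intended rule:", unsolicited_inbound_reaches(INTENDED6, TELNET6))
    print("v6 flipped rule: ", unsolicited_inbound_reaches(TYPO6, TELNET6))
    print("NAT, flipped rule only:", unsolicited_inbound_reaches(TYPO4, TELNET4, {}))
    print("NAT, flipped rule + forward:",
          unsolicited_inbound_reaches(TYPO4, TELNET4, PORT_FORWARD))
```

In this model the flipped rule alone exposes the publicly addressed host, while behind the NAT exposure also requires a translation entry.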