Private port numbers?
Crist Clark
crist.clark at globalstar.com
Thu Aug 14 18:41:25 UTC 2003
Lars Higham wrote:
>
> It's a good idea, granted, but isn't this covered by IPv6 administrative
> scoping?

That's the network layer, not the transport layer. IPv6 scoping has the
potential to be very helpful for private addressing since it's fundamentally
built into the protocol, as opposed to RFC1918 addresses which are just
kinda an afterthought. This means that, by default, vendor products should
DTRT with respect to scoped addresses, and administrators have more
effective tools.

However, giving administrators more tools is not always a good thing. I
fully expect to see the clueless, the same people who don't filter
RFC1918 spoofs at their border now, open up their border routers to let in
privately scoped addresses from the outside world. And I expect there will
be ISPs that let privately scoped addresses pass over their networks 'cause
some clueless customers, with $$$ contracts, want to pass the traffic between
different sites. And some vendors will ship with bad defaults and bugs.

So, I expect private networks with global connectivity (kind of an oxymoron,
but you know what I mean) will be easier to set up and set up more securely
with IPv6. But it's no magic bullet. There will be some brilliant fools out
there who manage to shoot themselves in the foot. That problem will never
go away. Unfortunately, besides shooting themselves, these people cause
some collateral damage too (just like this worm that started the discussion).
We'll have to wait until IPv6 is widely deployed to really see how all of
that works out.
--
Crist J. Clark crist.clark at globalstar.com