Important IPv6 Policy Issue -- Your Input Requested

Simon Lyall simon at darkmere.gen.nz
Tue Nov 9 20:55:39 UTC 2004


On Wed, 10 Nov 2004, Jerry Eyers wrote:
> I have devices that have no need, never will have a need, to ever
> talk outside of the internal networks, nor do I want some
> brain dead user to drop some stupid little device on the network
> and tada, route access to some of my inside network simply because
> the addresses are valid.  I want my inside addresses to be
> non accessible from the 'real world', ever.  If IPv6 can't offer me
> the luxury (even if it is not valid or justified) then I see no reason
> to change from IPv4 to IPv6 in the core.  Just do it on the
> periphery.  It is VERY expensive to a corporation to accomplish
> a renumber, and if there is no benefit, then.....

Depending on putting devices on 1918 for security is dangerous. All it
takes is one little misconfigured router (or less than strict filters) and
any of your peer's customers can start talking to your backend database
servers.

Assuming that just because they are 1918 addresses they are not remotely
visible is a dangerous simplification.

e.g. I just hopped through 3 providers (using default routes) to ping a well
known [1] 192.168.x.x address.

[1] - In NZ.

-- 
Simon J. Lyall.  |   Very  Busy   |   Mail: simon at darkmere.gen.nz
"To stay awake all night adds a day to your life" - Stilgar | eMT.



