mh (RE: OMB: IPv6 by June 2008)

Crist Clark crist.clark at globalstar.com
Thu Jul 7 20:31:57 UTC 2005


Petri Helenius wrote:
> Crist Clark wrote:
> 
>>
>> And the counter point to that argument is that the sparse population
>> of IPv6 space will make systematic scanning by worms an ineffective
>> means of propagation.
> 
> 
> And by connecting to one of the p2p overlay networks you'll have a few
> million in-use addresses momentarily.

Preventing abuse of information available from databases maintained
by P2P services is an emerging and interesting area of info sec. It may
become more so as other means of harvesting "live" addresses become
less productive. In The Future, the addresses of live hosts to attack
may become an underworld commodity like valid email addresses are now.
All of those are better than having Blaster or Slammer propagate so
easily. At least make the malware authors work for it.

If you were behind NAT, you couldn't use those P2P applications. So, yeah,
you were safe on your limited-functionality, pseudo-IP, NATed connection
from the Big Bad P2P.

And if you still want "the protection of NAT," any stateful firewall
will do it.

IMHO, if there is any reason NAT will live on in IPv6 it is the PI space
issue. Even the NAP draft comes out and says,

   4.7  Multihoming and renumbering

      Multihoming and renumbering remain technically challenging with IPv6...

That plus the problems with the unique local proposals make it quite
likely that NAT will not completely disappear should IPv6 become
widespread.
-- 
Crist J. Clark                               crist.clark at globalstar.com
Globalstar Communications                                (408) 933-4387



