European ISP enables IPv6 for all?
nanog at 85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org
Tue Dec 18 20:56:58 UTC 2007
On Tue, 18 Dec 2007 15:49:18 GMT
"Paul Ferguson" <fergdawg at netzero.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> - -- "Christopher Morrow" <morrowc.lists at gmail.com> wrote:
> >On Dec 17, 2007 9:59 PM, Paul Ferguson <fergdawg at netzero.net> wrote:
> >> And in fact, "threat propagation" in a v6 world may actually
> >> be worse than expected, and naivet_ may actually contribute to
> >> a larger-scale attack, given the statistical possibility of
> >> potentially more victims.
> >naivete because folks believe the 'v6 is more secure' propoganda? or
> >some other reason?
> Yes. :-)
> >> Address space size, and proximity, may well be red herrings in
> >> this discussion.
> >can you expand on this some?
> Someone else mentioned "self-infliction" in this thread, and that's
> spot on.
> Over the course of the past year or more, we've seen less & less
> "scanning & self-propagating" malware, and more & more self-infliction,
> either by being duped via social engineering or just by drive-by
> As it stands, now -- and unless the pendulum swings the other way --
> the whole "...v6 address space is larger, thus it is much harder to
> scan and thus propagation of worms is much harder..." train of thought
> is completely misguided.
It has been for quite a while - and so has NAT/NAPT = IPv4
security, for exactly the same reason. Some people say IPv6 isn't
necessary because of IPv4 NAT/NAPT being available, and then when they
say why, it's commonly because of the supposed "security" of IPv4
NAT/NAPT that'd be "lost" when moving to no-NAT IPv6.
"Sheep are slow and tasty, and therefore must remain constantly
- Bruce Schneier, "Beyond Fear"
More information about the NANOG