NIST IPv6 document

Valdis.Kletnieks at Valdis.Kletnieks at
Mon Jan 10 18:33:08 CST 2011

On Mon, 10 Jan 2011 19:22:46 EST, Jeff Kell said:

> It is a decreasing risk, given the typical user initiated compromise of
> today (click here to infect your computer), but a non-zero one.
> The whole IPv6 / no-NAT philosophy of "always connected and always
> directly addressable" eliminates this layer.

I'd say on the whole, it's a net gain - the added ease of tracking down
the click-here-to-infect machines that are no longer behind a NAT
outweighs the little added security the NAT adds (above and beyond
the statefulness that both NAT and a good firewall both add). 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <>

More information about the NANOG mailing list