NIST IPv6 document

Jack Bates jbates at brightok.net
Tue Jan 11 04:22:32 UTC 2011


On 1/10/2011 6:33 PM, Valdis.Kletnieks at vt.edu wrote:
> I'd say on the whole, it's a net gain - the added ease of tracking down
> the click-here-to-infect machines that are no longer behind a NAT
> outweighs the little added security the NAT adds (above and beyond
> the statefulness that both NAT and a good firewall both add).
>

Really? Which machine was using the privacy extension address on the 
/64? I don't see how it's made it any easier to track. In some ways, on 
provider edges that don't support DHCPv6 IA_TA and relay on slaac, it's 
one extra nightmare.


Jack




More information about the NANOG mailing list