NIST IPv6 document

Owen DeLong owen at delong.com
Tue Jan 11 01:10:50 CST 2011


On Jan 10, 2011, at 8:22 PM, Jack Bates wrote:

> On 1/10/2011 6:33 PM, Valdis.Kletnieks at vt.edu wrote:
>> I'd say on the whole, it's a net gain - the added ease of tracking down
>> the click-here-to-infect machines that are no longer behind a NAT
>> outweighs the little added security the NAT adds (above and beyond
>> the statefulness that both NAT and a good firewall both add).
>> 
> 
> Really? Which machine was using the privacy extension address on the /64? I don't see how it's made it any easier to track. In some ways, on provider edges that don't support DHCPv6 IA_TA and relay on slaac, it's one extra nightmare.
> 
> 
> Jack

At least I can tell which segment the pwn3d machine is on. As it currently
stands, I'm lucky if I can tell which state the pwn3d machine inside $ENTERPRISE
is located in. Sometimes, you can't even tell which country.

Owen





More information about the NANOG mailing list