misunderstanding scale

Owen DeLong owen at delong.com
Tue Mar 25 02:15:55 UTC 2014


On Mar 23, 2014, at 11:38 PM, Mark Tinka <mark.tinka at seacom.mu> wrote:

> On Sunday, March 23, 2014 09:35:31 PM Denis Fondras wrote:
> 
>> When speaking of IPv6 deployment, I routinely hear about
>> host security. I feel like it should be stated that this
>> is *in no way* an IPv6 issue. May the device be ULA,
>> LLA, GUA or RFC1918-addressed, the device is at risk
>> anyway.
>> 
>> If this is the only argument for delaying IPv6
>> deployment, this sounds more like FUD to me ;-)
> 
> I guess it's no surprise that host security is not an IPv4 
> or IPv6 issue.
> 
> It's just that with IPv4, the majority of unclean and 
> unupdated hosts have been living behind NAT44.
> 
> In an ideal IPv6 world, all hosts have GUA's, and in this 
> case, host security becomes a bigger problem, because now 
> the host is directly accessible without a NAT66 in between 
> (we hope).
> 
> Mark.

Bzzzt… But thanks for playing.

An IPv6 host with a GUA behind a stateful firewall with default deny is every bit as secure as an iPv4 host with an RFC-1918 address behind a NAT44 gateway.

Owen




More information about the NANOG mailing list