Netflix banning HE tunnels

• Previous message (by thread): IPv6 Ingress traffic by default
• Next message (by thread): Netflix banning HE tunnels
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In message <E67D028D-2A66-453C-9D8B-0AC8FEA88131 at delong.com>, Owen DeLong writes:
>
> > On Jun 17, 2016, at 10:10 , Mark Milhollan <mlm at pixelgate.net> wrote:
> >
> > On Tue, 14 Jun 2016, Owen DeLong wrote:
> >> On Jun 14, 2016, at 11:57 , Ricky Beam <jfbeam at gmail.com> wrote:
> >
> >>> I've seen many "IPv6 Capable" CPEs that apply ZERO security to IPv6
> traffic.
> >>
> >> Those are by definition poorly designed CPE.
> >
> > This (open by default vs closed) has been discussed before, with plenty
> > of people on either side.
> >
> >
> > /mark
>
> I’m unaware of anyone advocating open inbound by default residential CPE.
>
> I’m not saying they don’t exist, but I can’t imagine how anyone could
> possibly defend that position rationally.
>
> I’m pretty much in favor of open by default in most things, but for
> inbound traffic to residential CPE? Even I find that hard to rationalize.
>
> Owen
>

For a lot of homes it actually makes sense.  You laptops are safe
as they are designed to be connected directly to the Internet.  We
do this all the time.  Similarly phone and tablets are designed to
be directly connected to the Internet.  I know that lots of us do
this all the time.  Think about what happens at conferences.  There
is no firewall there to save you but we all regularly connect our
devices to the conference networks.

Lots of other stuff is also designed to be directly connected to
the Internet.

Finding ways to successfully attack a machine from outside is
actually hard and has been for many years now.

There is lots of FUD being thrown around about IoT.  Some machines
will be compromised but as a class of devices there is no reason
to assume that manufactures haven't learn from what happened to
other Internet connected products.

The thing you need from all manufactures is a commitment to release
fixes (no necessarially feature upgrades) for the devices they ship
for the real life the product and for users to upgrade the products.

Software doesn't wear out.  Bugs just get found and design flaws
discovered.  The existing warranty policies are designed around
products that physically wear out.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

• Previous message (by thread): IPv6 Ingress traffic by default
• Next message (by thread): Netflix banning HE tunnels
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]