IPv6 woes - RFC

Christopher Morrow morrowc.lists at gmail.com
Wed Sep 29 14:27:27 UTC 2021


On Tue, Sep 28, 2021 at 4:18 PM Randy Bush <randy at psg.com> wrote:

> >> the ietf did not give guidance to cpe vendors to protect toys inside
> >> your LAN
> > guidance aside... 'Time To Market' (or "Minimum Viable Product - MVP!") is
> > likely to impact all of our security 'requirements'. :(
>
> that point was made in the paper i cited
>

"This is a preview of subscription content, log in
<https://link.springer.com/signup-login?previousUrl=https%3A%2F%2Flink.springer.com%2Fchapter%2F10.1007%252F978-3-030-72582-2_22>
to check access."
  <paywall complaint goes here>

I can see a weirdo looking image with 'port scan data', which roughly
seems to say:
  "Hey, turn on the firewall"
on all of their tested devices... and what look like 'cablelabs
affiliates' mostly did the right thing with that fw policy.


> > I also thought 'homenet' (https://datatracker.ietf.org/wg/homenet) was
> > supposed to have provided the guidance you seek here?
>
> got a cite for the guidance?
>
>
sure, that's in the referenced architecture document from your link
(one of the other few things I can see is the references section):
  3. Chown, T., Arkko, J., Brandt, A., Troan, O., Weil, J.: IPv6 home
     networking architecture principles. RFC 7368, Internet Engineering
     Task Force (October 2014)

The points about NAT in v4 being 'helpful' are sort of right, but the
attacks just move up the stack[0] :( so I don't think it's particularly
germane to worry/not about nat for 'security' purposes.

-chris

0: https://us.norton.com/internetsecurity-malware-malvertising.html
    (NOTE: I'm not a fan of norton nor any AV really, but.. the article
    makes the 'up the stack' point)