[101128] in North American Network Operators' Group
Re: European ISP enables IPv6 for all?
daemon@ATHENA.MIT.EDU (Mark Smith)
Tue Dec 18 15:58:14 2007
Date: Wed, 19 Dec 2007 07:26:58 +1030
From: Mark Smith <nanog@85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org>
To: "Paul Ferguson" <fergdawg@netzero.net>
Cc: morrowc.lists@gmail.com, smb@cs.columbia.edu, Sean.Siler@microsoft.com,
nanog@merit.edu
In-Reply-To: <20071218.074918.9383.0@webmail01.vgs.untd.com>
Errors-To: owner-nanog@merit.edu
On Tue, 18 Dec 2007 15:49:18 GMT
"Paul Ferguson" <fergdawg@netzero.net> wrote:
>
> -- "Christopher Morrow" <morrowc.lists@gmail.com> wrote:
>
> >On Dec 17, 2007 9:59 PM, Paul Ferguson <fergdawg@netzero.net> wrote:
> >
> >> And in fact, "threat propagation" in a v6 world may actually
> >> be worse than expected, and naiveté may actually contribute to
> >> a larger-scale attack, given the statistical possibility of
> >> potentially more victims.
> >
> >
> >naivete because folks believe the 'v6 is more secure' propaganda? or
> >some other reason?
>
> Yes. :-)
>
> >> Address space size, and proximity, may well be red herrings in
> >> this discussion.
> >
> >can you expand on this some?
>
> Someone else mentioned "self-infliction" in this thread, and that's
> spot on.
>
> Over the course of the past year or more, we've seen less & less
> "scanning & self-propagating" malware, and more & more self-infliction,
> either by being duped via social engineering or just by drive-by
> infections/compromises.
>
> As it stands, now -- and unless the pendulum swings the other way --
> the whole "...v6 address space is larger, thus it is much harder to
> scan and thus propagation of worms is much harder..." train of thought
> is completely misguided.
>
It has been for quite a while - and so has NAT/NAPT = IPv4
security, for exactly the same reason. Some people say IPv6 isn't
necessary because of IPv4 NAT/NAPT being available, and then when they
say why, it's commonly because of the supposed "security" of IPv4
NAT/NAPT that'd be "lost" when moving to no-NAT IPv6.
Regards,
Mark.
--
"Sheep are slow and tasty, and therefore must remain constantly
alert."
- Bruce Schneier, "Beyond Fear"