[101463] in North American Network Operators' Group
Re: Assigning IPv6 /48's to CPE's?
daemon@ATHENA.MIT.EDU (Rick Astley)
Fri Jan 4 19:11:26 2008
Date: Fri, 4 Jan 2008 19:02:49 -0500
From: "Rick Astley" <jnanog@gmail.com>
To: Valdis.Kletnieks@vt.edu
Cc: nanog@merit.edu
In-Reply-To: <9112.1199422669@turing-police.cc.vt.edu>
Errors-To: owner-nanog@merit.edu

As much as I don't want to resurrect this conversation again or beat a dead
(now glued) horse: In the SOHO arena, today's NAT users may or may not opt
to use SPI down the road.

Many people just opt for the cheapest working solution and use defaults, so
what we end up with depends on what vendors like Linksys and Netgear decide. I am
sure there will be customer demand for firewall functionality as well, but
how much is not clear.

I am talking about SOHO users because they are a big portion of the large
DDoS networks and an important frontier in the fight against worm
propagation.

I know large, mostly unused pools of client IPs make it more difficult to
use traditional worm propagation methods in IPv6[1], but if customers move
from IPv4 "firewalls" to IPv6 "routers", we still lose an important layer of
security.

1. Worm propagation strategies in an IPv6 Internet - http://www.cs.columbia.edu/~smb/papers/v6worms.pdf