[129268] in North American Network Operators' Group
Re: Comcast enables 6to4 relays
daemon@ATHENA.MIT.EDU (Jack Bates)
Tue Aug 31 12:11:57 2010
Date: Tue, 31 Aug 2010 11:07:34 -0500
From: Jack Bates <jbates@brightok.net>
To: Jeroen Massar <jeroen@unfix.org>
In-Reply-To: <4C7D1BBB.2060502@unfix.org>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Jeroen Massar wrote:
>
> Jack: there are a lot more methods to infect a host than this as there
> are lots and lots of p2p protocols which are being used by C&C botnets.
> And never forgot about this very simple protocol called HTTP(S).
>
I agree, though let's consider HTTP. If a firewall is set to filter it,
yet you are tunneling through with IPv6, you've bypassed your HTTP
filters which may, among other things, provide AV protection. I
recognize that there are plenty of ways to infect a machine. My concern
is that teredo can bypass firewall security and relies upon host
security to protect the computer. Unfortunately, not everyone utilizes
host security and has dependence on network firewalls.
Jack
