[134781] in North American Network Operators' Group
Re: NIST IPv6 document
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Mon Jan 10 19:34:50 2011
To: Jeff Kell <jeff-kell@utc.edu>
In-Reply-To: Your message of "Mon, 10 Jan 2011 19:22:46 EST."
<4D2BA2D6.3070500@utc.edu>
From: Valdis.Kletnieks@vt.edu
Date: Mon, 10 Jan 2011 19:33:08 -0500
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--==_Exmh_1294705988_5473P
Content-Type: text/plain; charset=us-ascii
On Mon, 10 Jan 2011 19:22:46 EST, Jeff Kell said:
> It is a decreasing risk, given the typical user initiated compromise of
> today (click here to infect your computer), but a non-zero one.
>
> The whole IPv6 / no-NAT philosophy of "always connected and always
> directly addressable" eliminates this layer.
I'd say on the whole, it's a net gain - the added ease of tracking down
the click-here-to-infect machines that are no longer behind a NAT
outweighs the little added security the NAT adds (above and beyond
the statefulness that both NAT and a good firewall both add).
--==_Exmh_1294705988_5473P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFNK6VEcC3lWbTT17ARAg+yAJ0ZdqNqL+GTILD4+EcjzlDd+0GM6wCg2sxD
k4nWNMa9fiXIeEJOjXq5aZM=
=QNw9
-----END PGP SIGNATURE-----
--==_Exmh_1294705988_5473P--
