[134792] in North American Network Operators' Group
Re: NIST IPv6 document
daemon@ATHENA.MIT.EDU (Jack Bates)
Mon Jan 10 23:23:29 2011
Date: Mon, 10 Jan 2011 22:22:32 -0600
From: Jack Bates <jbates@brightok.net>
To: nanog@nanog.org
In-Reply-To: <10091.1294705988@localhost>
On 1/10/2011 6:33 PM, Valdis.Kletnieks@vt.edu wrote:
> I'd say on the whole, it's a net gain - the added ease of tracking down
> the click-here-to-infect machines that are no longer behind a NAT
> outweighs the little added security the NAT adds (above and beyond
> the statefulness that both NAT and a good firewall both add).
>
Really? Which machine was using the privacy extension address on the
/64? I don't see how it's made it any easier to track. In some ways, on
provider edges that don't support DHCPv6 IA_TA and rely on SLAAC, it's
one extra nightmare.
Jack