[134798] in North American Network Operators' Group
Re: NIST IPv6 document
daemon@ATHENA.MIT.EDU (Owen DeLong)
Tue Jan 11 02:12:28 2011
From: Owen DeLong <owen@delong.com>
In-Reply-To: <4D2BDB08.7030701@brightok.net>
Date: Mon, 10 Jan 2011 23:10:50 -0800
To: Jack Bates <jbates@brightok.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jan 10, 2011, at 8:22 PM, Jack Bates wrote:
> On 1/10/2011 6:33 PM, Valdis.Kletnieks@vt.edu wrote:
>> I'd say on the whole, it's a net gain - the added ease of tracking =
down
>> the click-here-to-infect machines that are no longer behind a NAT
>> outweighs the little added security the NAT adds (above and beyond
>> the statefulness that both NAT and a good firewall both add).
>>=20
>=20
> Really? Which machine was using the privacy extension address on the =
/64? I don't see how it's made it any easier to track. In some ways, on =
provider edges that don't support DHCPv6 IA_TA and relay on slaac, it's =
one extra nightmare.
>=20
>=20
> Jack
At least I can tell which segment the pwn3d machine is on. As it =
currently
stands, I'm lucky if I can tell which state the pwn3d machine inside =
$ENTERPRISE
is located in. Sometimes, you can't even tell which country.
Owen
