[134891] in North American Network Operators' Group
Re: Is NAT can provide some kind of protection?
daemon@ATHENA.MIT.EDU (Scott Helms)
Wed Jan 12 16:04:56 2011
Date: Wed, 12 Jan 2011 15:54:19 -0500
From: Scott Helms <khelms@ispalliance.net>
To: nanog@nanog.org
In-Reply-To: <201101122037.p0CKblfG011464@xs8.xs4all.nl>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Miquel,
Almost no home users have an IPv6 connection currently and the ones
that do are the extreme outliers. IPv6 gear (depending on the
deployment method) will hopefully handle this well, but no I haven't
seen any that did a default drop all. In truth most of the CPE I've
seen don't even run v6 well even if their marketing claims otherwise.
However, v6 is an entirely different generation of gear that will
_hopefully_ get things right since they will _hopefully_ avoid NAT.
Having said that so far the smoothest (from an end user perspective) way
of moving forward is often 4 to 6 in the home and I expect that to be
dirt common for very long time in the future.
On 1/12/2011 3:37 PM, Miquel van Smoorenburg wrote:
> In article<xs4all.4D2E0B77.9060504@ispalliance.net>,
> Scott Helms<khelms@ispalliance.net> wrote:
>> Few home users have a stateful firewall configured and AFAIK none of the
>> consumer models come with a good default set of rules much less a drop
>> all unknown.
> The v6 capable CPEs for home users I've seen so far all include
> stateful firewalling with inbound default deny.
>
> (including the one I'm using right now)
>
> Is your experience with such CPEs any different ?
>
> Mike.
>
--
Scott Helms
Vice President of Technology
ISP Alliance, Inc. DBA ZCorum
(678) 507-5000
--------------------------------
Looking for hand-selected news, views and
tips for independent broadband providers?
Follow us on Twitter! http://twitter.com/ZCorum
--------------------------------
