[135070] in North American Network Operators' Group
Re: Is NAT can provide some kind of protection?
daemon@ATHENA.MIT.EDU (Leen Besselink)
Sun Jan 16 09:46:26 2011
Date: Sun, 16 Jan 2011 15:46:17 +0100
From: Leen Besselink <leen@consolejunkie.net>
To: Stephen Davis <stephend@gmail.com>
In-Reply-To: <AANLkTim4w_av1TwsoEb8iWvw5w8rJiUu=hVjqX5uLc66@mail.gmail.com>
Cc: nanog@nanog.org
On 01/15/2011 11:06 PM, Stephen Davis wrote:
>> I'm a full supporter for getting rid of NAT when deploying IPv6, but
>> have to say the alternative is not all that great either.
>>
>> Because what do people want, they want privacy, so they use the
>> IPv6 privacy extensions. Which are enabled by default on Windows
>> when IPv6 is used on XP, Vista and 7.
>>
>> And now you have no idea who had that IPv6-address at some point
>> in time. The solution to that problem is? I guess the only solution is to
>> have the IPv6 equivalent of arpwatch to log the MAC-addresses/IPv6-
>> address combinations?
>>
>> Or is there another solution I'm missing?
> You can solve this problem any of the ways you could solve it in IPv4.
> Either assign static addresses from DHCPv6, or assign static addresses
> by hand.
If you like privacy, you don't need to even have static from DHCPv6,
you could have a new address every day (if you turn off your machine
daily).
Everything else can just query DNS for the address.
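
The arpwatch-style logging of MAC/IPv6 combinations raised in the quoted text, as an added example that is not part of the original thread: it assumes neighbor-table snapshots in the Linux `ip -6 neigh show` output format taken on the router at known times. The snapshots are constructed, and the function names (`record`, `who_had`, `classify`) are hypothetical.

```python
import ipaddress
import re

# Constructed `ip -6 neigh show` snapshots (documentation prefix 2001:db8::/32).
SNAP_T1 = """\
2001:db8:a:1:211:22ff:fe33:4455 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
2001:db8:a:1:9c1e:7a3b:52d0:1f04 dev eth0 lladdr 00:11:22:33:44:55 STALE
fe80::211:22ff:fe33:4455 dev eth0 lladdr 00:11:22:33:44:55 STALE
2001:db8:a:1::dead dev eth0  FAILED
"""
SNAP_T2 = """\
2001:db8:a:1:211:22ff:fe33:4455 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
2001:db8:a:1:40d2:88e1:b7c:a913 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
"""

NEIGH = re.compile(
    r"^(\S+) dev (\S+) lladdr ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.I)

def eui64_iid(mac):
    """Interface identifier that SLAAC without privacy extensions derives from a MAC."""
    b = bytearray(int(x, 16) for x in mac.split(":"))
    b[0] ^= 0x02  # flip the universal/local bit
    return int.from_bytes(bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:]), "big")

def classify(addr, mac):
    if addr.is_link_local:
        return "link-local"
    if int(addr) & (2**64 - 1) == eui64_iid(mac):
        return "eui64"    # address itself reveals the MAC
    return "opaque"       # privacy/temporary, DHCPv6 or manual: only the log ties it to a MAC

def record(table, snapshot, ts):
    """Merge one snapshot into table: (address, mac) -> first/last seen and kind."""
    for line in snapshot.splitlines():
        m = NEIGH.match(line)
        if not m:  # FAILED/INCOMPLETE entries carry no lladdr
            continue
        addr, mac = ipaddress.IPv6Address(m.group(1)), m.group(3).lower()
        entry = table.setdefault((str(addr), mac),
                                 {"first": ts, "last": ts, "kind": classify(addr, mac)})
        entry["last"] = ts
    return table

def who_had(table, address, ts):
    """MACs observed holding `address` in an interval that covers time `ts`."""
    want = str(ipaddress.IPv6Address(address))
    return sorted(mac for (a, mac), e in table.items()
                  if a == want and e["first"] <= ts <= e["last"])
```

The neighbor cache ages entries out, so the snapshot interval has to be shorter than the cache lifetime or short-lived temporary addresses will be missed.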