[167163] in North American Network Operators' Group


Re: AT&T UVERSE Native IPv6, a HOWTO

daemon@ATHENA.MIT.EDU (Ricky Beam)
Mon Dec 2 21:05:44 2013

To: "Owen DeLong" <owen@delong.com>
Date: Mon, 02 Dec 2013 21:05:28 -0500
From: "Ricky Beam" <jfbeam@gmail.com>
In-Reply-To: <C6F87E0F-B917-479A-8F7B-56341979D374@delong.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Mon, 02 Dec 2013 20:18:08 -0500, Owen DeLong <owen@delong.com> wrote:
> You don't, but it's easy enough for Windows to do discovery and/or  
> negotiation for firewall holes with multicast and avoid making
...

Actually, your process still makes a very dangerous assumption... you have  
to assume the address passed via multicast is, in fact, a local address.   
Since it is necessarily outside your prefix, you have to either make  
assumptions about what is "close" to your prefix -- assumes the site is  
contiguous, or trust any address passed to you.  Hackers will have fun  
screwing up your firewall rules and potentially breaking into your  
servers. (If you're foolish enough to not have any other layers in your  
network, which is likely with home networks.)

> ... They can't get away with flat out saying no...

Says who? TWC has been saying "no" for years. (unless I'm mistaken,  
"always".)
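
The trade-off raised in this message, as an added example that is not part of the original post: a "close to my prefix" guess compared with an explicit list of site prefixes, applied to addresses as they might be advertised in a firewall-hole request. All addresses are constructed from the 2001:db8::/32 documentation range; the /56 guess, the configured prefix list and the function names are assumptions of this example, not something proposed in the thread.

```python
import ipaddress

# Constructed sample data (documentation range 2001:db8::/32).
OWN_PREFIX = ipaddress.ip_network("2001:db8:1200:10::/64")  # the host's own subnet

# Assumption: an administrator-maintained list of every prefix the site uses.
SITE_PREFIXES = [
    ipaddress.ip_network("2001:db8:1200:10::/60"),  # delegation containing OWN_PREFIX
    ipaddress.ip_network("2001:db8:ff00:20::/64"),  # second, non-contiguous site subnet
]

# Constructed addresses as they might arrive in a multicast request.
ADVERTISED = {
    "2001:db8:1200:10::25": "host on the same subnet",
    "2001:db8:ff00:20::5": "site host on the non-contiguous subnet",
    "2001:db8:1200:20::5": "another customer's host in a neighbouring delegation",
}


def close_to_own_prefix(addr, guess_len=56):
    """Heuristic: anything sharing the first guess_len bits with us is 'local'.

    The host cannot know the real delegation size, so guess_len is a guess.
    """
    guessed_site = OWN_PREFIX.supernet(new_prefix=guess_len)
    return ipaddress.ip_address(addr) in guessed_site


def in_configured_site(addr):
    """Accept only addresses inside an explicitly configured site prefix."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in SITE_PREFIXES)


def evaluate():
    """Map each advertised address to (heuristic verdict, allowlist verdict)."""
    return {a: (close_to_own_prefix(a), in_configured_site(a)) for a in ADVERTISED}


if __name__ == "__main__":
    for addr, (heuristic, allowlist) in evaluate().items():
        print(f"{addr:24} {ADVERTISED[addr]:55} "
              f"close-guess={heuristic!s:5} configured={allowlist}")
```

The guess accepts the neighbouring customer's address and rejects the site's own non-contiguous subnet; only the configured list gets both right, at the cost of someone having to maintain it.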

