[190398] in North American Network Operators' Group
RE: IPv6 deployment excuses
daemon@ATHENA.MIT.EDU (Spencer Ryan)
Sat Jul 2 12:08:00 2016
X-Original-To: nanog@nanog.org
In-Reply-To: <34df7da568d43b45ad87565fcec90ffa@mail.dessus.com>
Date: Sat, 2 Jul 2016 12:07:55 -0400
From: Spencer Ryan <sryan@arbor.net>
To: Keith Medcalf <kmedcalf@dessus.com>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Windows 8 and 10 with the most recent service packs default the firewall to
on with very few inbound exemptions.
On Jul 2, 2016 11:38 AM, "Keith Medcalf" <kmedcalf@dessus.com> wrote:
>
> > There is no difference between IPv4 and IPv6 when it comes to
> > firewalls and reachability. It is worth noting that hosts which
> > support IPv6 are typically a lot more secure than older IPv4-only
> > hosts. As an example every version of Windows that ships with IPv6
> > support also ships with the firewall turned on by default.
>
> Just because the firewall is turned on does not mean that it is configured
> properly.
>
> Every version of Windows that ships with IPv6 support also ships with the
> Firewall configured in such a fashion that you may as well have it turned
> off.
>
> This is especially true in Windows 8 and later where the firewall is
> reconfigured without your permission by Microsoft every time you install
> any update whatsoever back to the "totally insecure" default state -- and
> there is absolutely no way to fix this other than to check, every single
> minute, that the firewall is still configured as you configured it, and not
> as Microsoft (and their NSA partners) choose to configure it.
>
> All versions of Windows 8 and later whether using IPv4 or IPv6 are
> completely unsuitable for use on a network attached to the Internet by any
> means (whether using NAT or not) that does not include an external (to
> Windows) -- ie, in network -- statefull firewall over which Windows,
> Microsoft, (and their NSA partners) have no automatic means of control. If
> you allow UPnP control of the external statefull firewall from Windows
> version 8 or later, you may as well not bother having any firewall at all
> because it is not under your control.
>
>
>
>
>
