[76849] in North American Network Operators' Group
Re: IPv6, IPSEC and deep packet inspection
daemon@ATHENA.MIT.EDU (Stephen Sprunk)
Fri Dec 31 23:46:23 2004
From: "Stephen Sprunk" <stephen@sprunk.org>
To: <bmanning@vacation.karoshi.com>, "Rob Thomas" <robt@cymru.com>
Cc: "North American Noise and Off-topic Gripes" <nanog@merit.edu>
Date: Fri, 31 Dec 2004 22:42:17 -0600
Errors-To: owner-nanog-outgoing@merit.edu
Thus spake <bmanning@vacation.karoshi.com>
>
> as one who has been "bit" by this already - i can say amen to
> what Rob preacheth... the hardest part is getting folks up to
> speed on IPv6 as a threat vector.
Are there any layman-readable presentations or whitepapers out there that
discuss what _new_ threat vectors IPv6 brings? Or how firewall or ACL
tuning might be different?
> Swat teams that can neutralize an IPv4 based flareup in minutes/
>hours can take days/weeks to contain a v6 channel...
The thing about that is that, if IPv6 is identified as the channel, it's
still quite possible to shut down IPv6 connectivity until you figure out how
to fix things. After all, there's nothing significant out there yet on v6
that can't be reached with v4...
S
Stephen Sprunk "Stupid people surround themselves with smart
CCIE #3723 people. Smart people surround themselves with
K5SSS smart people who disagree with them." --Aaron Sorkin
