[ale] IPv6 vs IPv4 (was: uptime)
- Subject: [ale] IPv6 vs IPv4 (was: uptime)
- From: jimpop at gmail.com (Jim Popovitch)
- Date: Thu, 18 Mar 2010 07:13:21 -0400
- In-reply-to: <1268880177.11096.42.camel@localhost>
- References: <[email protected]> <1268880177.11096.42.camel@localhost>
On Wed, Mar 17, 2010 at 22:42, Michael H. Warfield <mhw at wittsend.com> wrote:
> On Wed, 2010-03-17 at 22:03 -0400, Jim Popovitch wrote:
>> Well, that brings up the usual IPv4 vs IPv6 interest :-). So a measure
>> of security comes from IPv4 but not IPv6...yet another reason to delay
>> IPv6 :-)
>
> Fraid not. You don't really have a choice. It's far far more difficult
> and expensive to prevent or obstruct IPv6 than it is to provide it. I
> haven't accessed IPv6 from an aircraft yet (but that would be trivial)
> but I have done a half a dozen cruise ships at sea and from several
> continents (Asia, Europe, South America, and all over the US, Canada,
> Mexico, Central America, and the Caribbean). Behind NAT devices and
> behind firewalls. We've found it deep in labs communicating with Teredo
> servers out on the Internet (Windows Vista, Windows 7, and a surprising
> number of Windows XP systems that nobody can explain). I have yet to
> find a place where I could not reach IPv6 if I really wanted it. And
> the bad guys know this. Russia and the Ukraine are #1 and #2 on
> Google's list of v6 deployment. Think about that. In fact, I would
> honestly say, if you have access to DNS then someone has access to IPv6
> from where you are (look up Iodine, DNScat, and OpenVPN and think about
> it). Time for burying your head in the sand was gone a long time ago.
> The important point is that you don't know. You won't know. It doesn't
> ring any big red bells and announce itself. It just works and you are
> none the wiser.
I think you are missing my point ;-)
> You say another reason to "delay" IPv6? And exactly WHAT have you done
> to delay it? If the answer is nothing, you're not even a speed bump.
> If you are not actively checking for it and blocking it, how are you
> delaying it? Even if you are actively trying to detect it, it's now
> common on all modern Linux boxes and Mac books and you can't disable it
> on Vista or Windows 7 (and it's really difficult to disable it on Linux
> by intent and design). At least some of the IPv6 protocols should be
> present on virtually every modern network at this time (globals may not
> be actively routed but RD, and ND should certainly be present and maybe
> even RA). Have been for many many years and here you sit oblivious to
> it all. Delaying it is too late when it's been sitting on your network
> for 5 years or more and you still have no clue.
:-)
-Jim P.
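
An added example, not part of the original thread: a minimal sketch of the "actively checking for it" step from the quoted message, labelling captured Ethernet frames as native IPv6 (including ND and RA), Teredo, or IPv6-in-IPv4. The function names and sample frames are constructed for illustration; the protocol numbers (EtherType 0x86DD, IP protocol 41, Teredo UDP port 3544, ICMPv6 types 133-136) are the standard assignments, not values from the thread.

```python
import struct
from collections import Counter

TEREDO_PORT = 3544   # well-known Teredo server UDP port (assumes the default is in use)
ICMPV6 = {133: "router-solicitation", 134: "router-advertisement",
          135: "neighbor-solicitation", 136: "neighbor-advertisement"}

def classify_frame(frame: bytes) -> str:
    """Label the IPv6 activity, if any, in one Ethernet II frame."""
    if len(frame) < 14:
        return "truncated"
    ethertype, pkt = struct.unpack("!H", frame[12:14])[0], frame[14:]
    if ethertype == 0x86DD:                      # native IPv6 on the wire
        if len(pkt) < 40:
            return "truncated"
        if pkt[6] == 58 and len(pkt) > 40:       # ICMPv6 directly after the fixed header
            return "ipv6-" + ICMPV6.get(pkt[40], "icmpv6-other")
        return "ipv6-native"
    if ethertype == 0x0800:                      # IPv4: look for tunnelled IPv6
        ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
        if ihl < 20 or len(pkt) < ihl:
            return "truncated"
        if pkt[9] == 41:                         # IP protocol 41: IPv6 inside IPv4 (6in4, 6to4, ISATAP)
            return "ipv6-in-ipv4-proto41"
        if pkt[9] == 17 and len(pkt) >= ihl + 4:  # UDP: compare source/destination ports
            if TEREDO_PORT in struct.unpack("!HH", pkt[ihl:ihl + 4]):
                return "teredo-udp3544"
        return "ipv4-only"
    return "other"

def survey(frames) -> Counter:   # tally labels so unexpected IPv6 stands out
    return Counter(classify_frame(f) for f in frames)

# --- constructed sample frames (not real captures; addresses are documentation ranges) ---
def _eth(ethertype, payload):
    return bytes(12) + struct.pack("!H", ethertype) + payload
def _ipv4(proto, body):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 1])) + body
def _ipv6(next_header, body):
    return struct.pack("!IHBB", 0x60000000, len(body), next_header, 255) + bytes(32) + body

SAMPLES = [
    _eth(0x86DD, _ipv6(58, bytes([134]) + bytes(15))),                 # router advertisement
    _eth(0x86DD, _ipv6(58, bytes([135]) + bytes(23))),                 # neighbor solicitation
    _eth(0x0800, _ipv4(17, struct.pack("!HHHH", 51000, 3544, 8, 0))),  # Teredo client -> server
    _eth(0x0800, _ipv4(41, _ipv6(6, b""))),                            # IPv6 in IPv4
    _eth(0x0800, _ipv4(6, bytes(20))),                                 # ordinary IPv4 TCP
]
```

Matching on port and protocol number only catches tunnels that use their well-known identifiers; it will not see IPv6 carried inside DNS or VPN tunnels such as the tools named in the quoted message.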