[Gloucs] Routers and IPv6
Andrew Oakley
andrew at aoakley.com
Wed Feb 6 20:45:05 GMT 2008
David Corking wrote:
> Each customer gets a subnet thousands of public IPv6 addresses on
> their home LAN.
Are you listing this as a benefit, or a drawback?
One of the main protections against network malware (worms etc) is the
common lowly NAT router, preventing visibility of open ports to the
outside world. Not 100% effective, but significantly effective. Domestic
users set a private subnet that is considered "safe" and can happily
misconfigure their private machines to be open to all - because that's
the quickest way to ensure their laptop can talk to their printer, or
their MP3 server can talk to their hifi. But "open to all" is converted
into "my subnet only"; not by design, but by the presence of a NAT router.
If we give every domestic machine a *public* IP address, that isn't
good, that's bad. It means that domestic users have to configure really
complex security to ensure their machines can be seen by their other
machines, but not by the wider world.
I don't doubt that IPV6 is a good thing, but not because it gives
domestic machines static public IPs.
--
Andrew Oakley
More information about the gloucs
mailing list