[Gloucs] Routers and IPv6

Richard Dawe rich at phekda.gotadsl.co.uk
Thu Feb 7 21:54:25 GMT 2008


Evening,

Andrew Oakley wrote:
[snip]
> If we give every domestic machine a *public* IP address, that isn't 
> good, that's bad. It means that domestic users have to configure really 
> complex security to ensure their machines can be seen by their other 
> machines, but not by the wider world.
[snip]

I'm sure they could build the router to do something similar as now. 
I.e.: hosts on the local interfaces can freely talk to each other, but 
hosts on the Internet side can only talk to specifically allowed (IP, 
port) combinations on the local network.

I read an interesting paper a while ago on how you could attack the 
local side of a NAT device from the Internet side, if someone had 
established an outgoing connection from the local side. For each type of 
NAT, there were different possible attacks. You could probe the NAT's 
port mappings from the Internet side. I think it was published as an 
RFC, but I couldn't find it. Maybe it was only an Internet-Draft.

Rich =]

-- 
Richard Dawe [ http://homepages.nildram.co.uk/~phekda/richdawe/ ]

"Whatever you can do, or dream you can, begin it. Boldness has
genius, power, and magic in it." -- Johann Wolfgang von Goethe
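
Added example, not part of the original message: one way the router policy described above (local hosts talk freely, Internet hosts reach only listed (IP, port) pairs) could be written as an nftables forward chain for globally addressed IPv6 hosts. The interface names lan0, lan1 and wan0, the 2001:db8::/32 documentation address and port 443 are constructed placeholders.

```nftables
# Constructed example: stateful IPv6 forwarding policy for a home router.
# Interface names and the 2001:db8:: address are placeholders.
define LAN_IFS = { "lan0", "lan1" }
define WAN_IF  = "wan0"

table ip6 home_router {
    # The "specifically allowed (IP, port) combinations" on the local network.
    set allowed_inbound {
        type ipv6_addr . inet_service
        elements = { 2001:db8:0:1::10 . 443 }
    }

    chain forward {
        # Anything not matched below is dropped.
        type filter hook forward priority 0; policy drop;

        # Replies to flows that a local host opened are let back in.
        ct state established,related accept
        ct state invalid drop

        # Traffic entering from a local interface is forwarded freely,
        # whether it is bound for another local segment or the Internet.
        iifname $LAN_IFS accept

        # ICMPv6 errors must pass or path MTU discovery breaks.
        iifname $WAN_IF icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem } accept

        # Unsolicited inbound TCP only to the listed (address, port) pairs.
        iifname $WAN_IF ip6 daddr . tcp dport @allowed_inbound ct state new accept

        # Count what the default policy is about to drop, for monitoring.
        iifname $WAN_IF counter
    }
}
```

With this ruleset a host's public address is routable but not reachable from the Internet unless its (address, port) pair is in allowed_inbound, which is the same default-deny behaviour a NAT router gives as a side effect.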


