North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: mh (RE: OMB: IPv6 by June 2008)

  • From: Crist Clark
  • Date: Thu Jul 07 16:36:00 2005

Petri Helenius wrote:
Crist Clark wrote:

And the counter point to that argument is that the sparse population
of IPv6 space will make systematic scanning by worms an ineffective
means of propagation.

Any by connecting to one of the p2p overlay networks you'll have a few million in-use addresses momentarily.
Preventing abuse of information available from databases maintained
by P2P services is an emerging and interesting area of info sec. It may
become more so as other means of harvesting "live" addresses become
less productive. In The Future, the addresses of live hosts to attack
may become an underworld commodity like valid email addresses are now.
All of those are better than having Blaster or Slammer propagate so
easily. At least make the malware authors work for it.

If you were behind NAT, you couldn't use those P2P applications. So, yeah,
you were safe on your limited-functionality, pseudo-IP, NATed connection
from the Big Bad P2P.

And if you still want "the protection of NAT," any stateful firewall
will do it.

IMHO, if there is any reason NAT will live on in IPv6 it is the PI space
issue. Even the NAP draft comes out and says,

  4.7  Multihoming and renumbering

     Multihoming and renumbering remain technically challenging with IPv6...

That plus the problems with the unique local proposals make it quite
likely that NAT will not completely disappear should IPv6 become
widespread.
--
Crist J. Clark                               crist.clark@globalstar.com
Globalstar Communications                                (408) 933-4387