North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: European ISP enables IPv6 for all?
On Tue, 18 Dec 2007 15:49:18 GMT "Paul Ferguson" <[email protected]> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - -- "Christopher Morrow" <[email protected]> wrote: > > >On Dec 17, 2007 9:59 PM, Paul Ferguson <[email protected]> wrote: > > > >> And in fact, "threat propagation" in a v6 world may actually > >> be worse than expected, and naivet_ may actually contribute to > >> a larger-scale attack, given the statistical possibility of > >> potentially more victims. > > > > > >naivete because folks believe the 'v6 is more secure' propoganda? or > >some other reason? > > Yes. :-) > > >> Address space size, and proximity, may well be red herrings in > >> this discussion. > > > >can you expand on this some? > > Someone else mentioned "self-infliction" in this thread, and that's > spot on. > > Over the course of the past year or more, we've seen less & less > "scanning & self-propagating" malware, and more & more self-infliction, > either by being duped via social engineering or just by drive-by > infections/compromises. > > As it stands, now -- and unless the pendulum swings the other way -- > the whole "...v6 address space is larger, thus it is much harder to > scan and thus propagation of worms is much harder..." train of thought > is completely misguided. > It has been for quite a while - and so has NAT/NAPT = IPv4 security, for exactly the same reason. Some people say IPv6 isn't necessary because of IPv4 NAT/NAPT being available, and then when they say why, it's commonly because of the supposed "security" of IPv4 NAT/NAPT that'd be "lost" when moving to no-NAT IPv6. Regards, Mark. -- "Sheep are slow and tasty, and therefore must remain constantly alert." - Bruce Schneier, "Beyond Fear"