[CentOS] IPV4 is nearly depleted, are you ready for IPV6?
Adam Tauno Williams
awilliam at whitemice.org
Tue Dec 7 10:29:09 UTC 2010
On Mon, 2010-12-06 at 18:28 -0500, Bob McConnell wrote:
> > IPv6 is not broken by design. NAT was implemented to extend the time
> > until IPv4 exhaustion. A side effect was hiding the internal IPv4
> > address, which complicates a number of protocols like FTP and SIP. The
> > only downside I see is ISPs could try and charge based on the number
> > of IPv6 addresses being used.
> No, the downside is that each address used will be exposed to the world.
False. That is *NOT* a downside.
NAT is *NOT* a magic sauce - install a firewall [which you probably
already have]. Problem solved.
> I consider that a serious security flaw.
It is not.
> Having my ISP know how many
> computers I have is a minor issue covered by the contract I have with
> them.
So you want to cheap on the legal contract you agreed to?
> But having all of those addresses exposed to Russian mobsters,
> terrorists, crackers and everyone else that knows how to capture packets
> is another matter altogether. If IPv6 exposes that information to the
> world, it is definitely unsafe to use.
The "Russian mobsters" can already do that; if you think NAT is
protecting you from that then you are mistaken.
More information about the CentOS
mailing list