[CentOS] IPV4 is nearly depleted, are you ready for IPV6?

Adam Tauno Williams awilliam at whitemice.org
Tue Dec 7 10:29:09 UTC 2010


On Mon, 2010-12-06 at 18:28 -0500, Bob McConnell wrote: 
> > IPv6 is not broken by design. NAT was implemented to extend the time
> > until IPv4 exhaustion. A side effect was hiding the internal IPv4
> > address, which complicates a number of protocols like FTP and SIP. The
> > only downside I see is ISPs could try and charge based on the number
> > of IPv6 addresses being used.
> No, the downside is that each address used will be exposed to the world.

False.  That is *NOT* a downside.

NAT is *NOT* a magic sauce - install a firewall [which you probably
already have].  Problem solved.

> I consider that a serious security flaw. 

It is not.

> Having my ISP know how many 
> computers I have is a minor issue covered by the contract I have with 
> them. 

So you want to cheat on the legal contract you agreed to?

> But having all of those addresses exposed to Russian mobsters, 
> terrorists, crackers and everyone else that knows how to capture packets 
> is another matter altogether. If IPv6 exposes that information to the 
> world, it is definitely unsafe to use.

The "Russian mobsters" can already do that; if you think NAT is
protecting you from that then you are mistaken.




