[CentOS] IPV4 is nearly depleted, are you ready for IPV6?

Gavin Carr gavin at openfusion.com.au
Tue Dec 7 12:34:51 UTC 2010


On Mon, Dec 06, 2010 at 08:55:17PM -0500, Bob McConnell wrote:
>> 3) When I connect my IPV6 refrigerator with its automatic inventory
>> system tracking every RFID-enabled carrot I use, won't I be making my
>> shopping habits visible to all those annoying advertisers?  Or, in
>> other words, am I compromising my privacy?  Actually, although such
>> dissemination of information can be blocked by a correctly designed
>> firewall, I suspect the "Free IPv6 DSL Modem and Router, Sponsored by
>> <your-favorite-commercial-site>" that comes with your ISP contract,
>> would err on the side of promiscuity.
>
>Why yes, yes you are giving up some of your privacy. And unless you have
>the time and are willing and able to learn how to configure firewalls
>for each device and application you use, or have the money to pay
>someone else you trust to do it for you, there is very little to protect
>you from the rest of the world.

That's at least overstated, and at worst complete FUD. Generic modems and
routers will be configured as they are now - with stateful firewalls
blocking all incoming traffic, except for streams initiated internally. 
Outgoing connections that would have worked before via NAT continue to
work, but without NAT. Stateful firewalls are still stateful firewalls.

Where are you giving up some of your privacy? The number of hosts on
your internal network? So allocate 256 IPs (or 65k, if you like) to every
host and use a random IP from that set for every distinct service or
outgoing connection.

There _is_ more information leakage with IPv6, in the sense that you are
using a real IP from an internal machine on the connection. But the
point is that the security benefit of that is largely illusory, security
by obscurity.

Cheers,
Gavin
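
The per-connection address selection suggested in the message above, as an added example that is not part of the original post: each host gets a block of 256 (or 65k) addresses and draws a random one for every outgoing connection. The function names and the `2001:db8:0:1::/64` documentation prefix are assumptions made for illustration, and the addresses would still have to be configured on the host's interface before a socket could bind to them.

```python
import ipaddress
import secrets

SITE = "2001:db8:0:1::/64"  # constructed: documentation prefix standing in for the LAN


def host_block(site_prefix, host_index, block_bits=8):
    """Block of 2**block_bits addresses reserved for one host.

    block_bits=8 gives 256 addresses (/120); 16 gives 65536 (/112).
    """
    site = ipaddress.IPv6Network(site_prefix)
    prefixlen = 128 - block_bits
    if not site.prefixlen <= prefixlen <= 128:
        raise ValueError("block does not fit inside the site prefix")
    if not 0 <= host_index < (1 << (prefixlen - site.prefixlen)):
        raise ValueError("host_index outside the site prefix")
    base = int(site.network_address) + (host_index << block_bits)
    return ipaddress.IPv6Network((base, prefixlen))


def pick_source(block):
    """Random source address for one outgoing connection or service."""
    return block[secrets.randbelow(block.num_addresses)]


def observed_sources(site_prefix, hosts, conns_per_host, block_bits=8):
    """Source addresses a remote party sees across all outgoing connections."""
    seen = set()
    for host_index in range(hosts):
        block = host_block(site_prefix, host_index, block_bits)
        for _ in range(conns_per_host):
            seen.add(pick_source(block))
    return seen


if __name__ == "__main__":
    seen = observed_sources(SITE, hosts=4, conns_per_host=50)
    # Far more addresses than hosts: counting addresses no longer counts machines.
    # Each host's addresses still share that host's /120 prefix.
    print(len(seen), "distinct source addresses from 4 hosts")
```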



