[CentOS] IPV4 is nearly depleted, are you ready for IPV6?

Adam Tauno Williams awilliam at whitemice.org
Tue Dec 7 15:11:28 UTC 2010


On Mon, 2010-12-06 at 20:55 -0500, Bob McConnell wrote: 
> David wrote:
> > Folks
> > I have been following the IPV6 comments.
> > What concerns me with the loss of NAT are the following issues
> > 3) When I connect my IPV6 refrigerator with its automatic inventory 
> > system tracking every RFID-enabled carrot I use, won't I be making my 
> > shopping habits visible to all those annoying advertisers?  Or, in 
> > other words, am I compromising my privacy?  Actually, although such 
> > dissemination of information can be blocked by a correctly designed 
> > firewall, I suspect the "Free IPv6 DSL Modem and Router, Sponsored by 
> > <your-favorite-commercial-site>" that comes with your ISP contract, 
> > would err on the side of promiscuity.
> Why yes, yes you are giving up some of your privacy. And unless you have 
> the time and are willing and able to learn how to configure firewalls 
> for each device and application you use, or have the money to pay 
> someone else you trust to do it for you, there is very little to protect 
> you from the rest of the world.
> I just finished reviewing my firewall logs for last week. There are 
> 127MiB with ipmon reports of rejected connection attempts. That's 
> actually  on the low side for any seven day period. I have some weeks 
> that are half again that much. Somebody out there is pounding on that 
> firewall pretty hard, trying to break in. I'm certain they don't have my 
> best interests at heart. Most of the ports attacked are linked to well 
> known services and worms on one particular OS, which I don't happen to 
> have running on my network. But this log tells me that it is important 
> to make it as difficult as possible for whomever is knocking on the 
> door. I don't see that IPv6 helps improve that protection. In fact, it 
> appears to eliminate some of the protection I have now.

It does *NOT* help with that situation; nobody credible says it does.

It also does *NOT* "eliminate some of the protection I have now".

You apparently *believe* that NAT is about "protection"  You are wrong.

NAT [at best, and not really] adds obfuscation to the source /
destination.  Obfuscation is not security.




More information about the CentOS mailing list