[CentOS] IPV4 is nearly depleted, are you ready for IPV6?
Adam Tauno Williams
awilliam at whitemice.org
Tue Dec 7 15:11:28 UTC 2010
On Mon, 2010-12-06 at 20:55 -0500, Bob McConnell wrote:
> David wrote:
> > Folks
> > I have been following the IPV6 comments.
> > What concerns me with the loss of NAT are the following issues
> > 3) When I connect my IPV6 refrigerator with its automatic inventory
> > system tracking every RFID-enabled carrot I use, won't I be making my
> > shopping habits visible to all those annoying advertisers? Or, in
> > other words, am I compromising my privacy? Actually, although such
> > dissemination of information can be blocked by a correctly designed
> > firewall, I suspect the "Free IPv6 DSL Modem and Router, Sponsored by
> > <your-favorite-commercial-site>" that comes with your ISP contract,
> > would err on the side of promiscuity.
> Why yes, yes you are giving up some of your privacy. And unless you have
> the time and are willing and able to learn how to configure firewalls
> for each device and application you use, or have the money to pay
> someone else you trust to do it for you, there is very little to protect
> you from the rest of the world.
> I just finished reviewing my firewall logs for last week. There are
> 127MiB with ipmon reports of rejected connection attempts. That's
> actually on the low side for any seven day period. I have some weeks
> that are half again that much. Somebody out there is pounding on that
> firewall pretty hard, trying to break in. I'm certain they don't have my
> best interests at heart. Most of the ports attacked are linked to well
> known services and worms on one particular OS, which I don't happen to
> have running on my network. But this log tells me that it is important
> to make it as difficult as possible for whomever is knocking on the
> door. I don't see that IPv6 helps improve that protection. In fact, it
> appears to eliminate some of the protection I have now.
It does *NOT* help with that situation; nobody credible says it does.
It also does *NOT* "eliminate some of the protection I have now".
You apparently *believe* that NAT is about "protection" You are wrong.
NAT [at best, and not really] adds obfuscation to the source /
destination. Obfuscation is not security.
More information about the CentOS
mailing list