[CentOS] IPV4 is nearly depleted, are you ready for IPV6?

Bowie Bailey Bowie_Bailey at BUC.com
Tue Dec 7 19:58:55 UTC 2010


On 12/7/2010 1:13 PM, Les Mikesell wrote:
> On 12/7/10 11:10 AM, Bowie Bailey wrote:
>
>>> I have a route to his dsl router, which, assuming that the ipv4 and
>>> ipv6 firewalls are as good at allowing/disallowing access, makes his
>>> current ipv4 and his future ipv6 addresses equally accessible.
>> I've been following the NAT debate here and something occurred to me.
>>
>> If you have an IPv4 network with NAT, an attacker doesn't need to know
>> your internal IPs.  All he needs is the IP to your router.  NAT will
>> nicely forward his packets along to whichever internal computer handles
>> the port.
> What port/computer would that be?  Most consumer routers default to not 
> forwarding anything that is not related to prior outbound activity.

And is there any reason to believe that a consumer IPv6 router would
default any differently?  If nothing is being allowed through, there's
not much to be concerned about in either case.  Outside attacks are only
possible if the router/firewall allows the packets through.  I was
referring to a case where there are computers on the inside doing HTTP,
SSH, VPN, SMTP, etc.

If we are talking about a true consumer where there are no services on
the inside, then what does it matter whether the network is presented as
a NAT or a collection of different IP addresses?  If the firewall does
not allow any connections from the outside, who cares whether an
attacker knows your IP?

-- 
Bowie
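
An added illustration of the argument in the message above, not part of the original post: a toy Python model that runs the same inbound probes against an IPv4 NAT router and a routed IPv6 router with a stateful filter. The `EdgeRouter` class and `compare` function are hypothetical, the addresses are constructed documentation-range values, and the model assumes NAT leaves the inside source port unchanged.

```python
# Toy model (added example): inbound decisions of a stateful edge router.
# Simplification: NAT keeps the inside source port unchanged.
from dataclasses import dataclass, field

@dataclass
class EdgeRouter:
    nat: bool                                     # True = IPv4 NAT, False = routed IPv6
    wan_ip: str = ""                              # only meaningful when nat is True
    allowed: dict = field(default_factory=dict)   # inbound port -> inside host
    flows: set = field(default_factory=set)       # (host, sport, remote, dport)

    def outbound(self, host, sport, remote, dport):
        """An inside host opens a connection; the router remembers the flow."""
        self.flows.add((host, sport, remote, dport))

    def inbound(self, remote, sport, dst_ip, dport):
        """Return the inside host that gets the packet, or None if dropped."""
        for host, hport, peer, pport in self.flows:
            visible = self.wan_ip if self.nat else host   # address the peer replies to
            if (peer, pport, visible, hport) == (remote, sport, dst_ip, dport):
                return host                               # reply to prior outbound traffic
        if self.nat:
            # Unsolicited: only the WAN address exists outside; the forward picks the host.
            return self.allowed.get(dport) if dst_ip == self.wan_ip else None
        # Unsolicited IPv6: the packet names the host, and a rule must still allow it.
        return dst_ip if self.allowed.get(dport) == dst_ip else None

# Constructed documentation-range addresses.
ATTACKER, WEB = "198.51.100.7", "192.0.2.80"
ATTACKER6, WEB6 = "2001:db8:bad::7", "2001:db8:80::1"
WAN, PC4, PC6 = "203.0.113.1", "192.168.1.10", "2001:db8:1::10"

def compare(services):
    """Run the same probes against a NAT router and an IPv6 router."""
    v4 = EdgeRouter(nat=True, wan_ip=WAN, allowed={p: PC4 for p in services})
    v6 = EdgeRouter(nat=False, allowed={p: PC6 for p in services})
    v4.outbound(PC4, 50000, WEB, 80)
    v6.outbound(PC6, 50000, WEB6, 80)
    return {
        "reply_v4": v4.inbound(WEB, 80, WAN, 50000),
        "reply_v6": v6.inbound(WEB6, 80, PC6, 50000),
        "ssh_v4": v4.inbound(ATTACKER, 4444, WAN, 22),
        "ssh_v6": v6.inbound(ATTACKER6, 4444, PC6, 22),
    }

if __name__ == "__main__":
    print(compare(services=[]))     # no inbound rules
    print(compare(services=[22]))   # SSH exposed on the inside host
```

With no inbound rules both routers drop the unsolicited SSH probe and pass only the reply to the earlier outbound connection; with port 22 allowed, both deliver the probe to the inside host.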


