David wrote:
Folks
I have been following the IPv6 comments.
What concerns me with the loss of NAT are the following issues:
- When I connect my IPv6 refrigerator with its automatic inventory system tracking every RFID-enabled carrot I use, won't I be making my shopping habits visible to all those annoying advertisers? Or, in other words, am I compromising my privacy? Actually, although such dissemination of information can be blocked by a correctly designed firewall, I suspect the "Free IPv6 DSL Modem and Router, Sponsored by <your-favorite-commercial-site>" that comes with your ISP contract would err on the side of promiscuity.
Why yes, yes you are giving up some of your privacy. And unless you have the time and are willing and able to learn how to configure firewalls for each device and application you use, or have the money to pay someone else you trust to do it for you, there is very little to protect you from the rest of the world.
I just finished reviewing my firewall logs for last week. There are 127 MiB with ipmon reports of rejected connection attempts. That's actually on the low side for any seven-day period. I have some weeks that are half again that much. Somebody out there is pounding on that firewall pretty hard, trying to break in. I'm certain they don't have my best interests at heart. Most of the ports attacked are linked to well-known services and worms on one particular OS, which I don't happen to have running on my network. But this log tells me that it is important to make it as difficult as possible for whoever is knocking on the door. I don't see that IPv6 helps improve that protection. In fact, it appears to eliminate some of the protection I have now.
Somebody mentioned that NAT broke several protocols when it was introduced. That suggests those protocols needed to be fixed or replaced. In particular, FTP should have been trashed decades ago. It was designed when every system administrator could be held responsible for his actions or inaction. That requirement disappeared more than 20 years ago. Protocols that depended on it should have disappeared with it.
Bob McConnell N2SPP