On 12/7/2010 1:13 PM, Les Mikesell wrote:
On 12/7/10 11:10 AM, Bowie Bailey wrote:
I have a route to his dsl router, which, assuming that the ipv4 and ipv6 firewalls are as good at allowing/disallowing access, makes his current ipv4 and his future ipv6 addresses equally accessible.
I've been following the NAT debate here and something occurred to me.
If you have an IPv4 network with NAT, an attacker doesn't need to know your internal IPs. All he needs is the IP to your router. NAT will nicely forward his packets along to whichever internal computer handles the port.
What port/computer would that be? Most consumer routers default to not forwarding anything that is not related to prior outbound activity.
And is there any reason to believe that a consumer IPv6 router would default any differently? If nothing is being allowed through, there's not much to be concerned about in either case. Outside attacks are only possible if the router/firewall allows the packets through. I was referring to a case where there are computers on the inside doing HTTP, SSH, VPN, SMTP, etc.
If we are talking about a true consumer where there are no services on the inside, then what does it matter whether the network is presented as a NAT or a collection of different IP addresses? If the firewall does not allow any connections from the outside, who cares whether an attacker knows your IP?