[CentOS] IPV4 is nearly depleted, are you ready for IPV6?

Tue Dec 7 01:55:17 UTC 2010
Bob McConnell <rmcconne at lightlink.com>

David wrote:
> Folks
> 
> I have been following the IPV6 comments.
> 
> What concerns me with the loss of NAT are the following issues:


> 3) When I connect my IPV6 refrigerator with its automatic inventory 
> system tracking every RFID-enabled carrot I use, won't I be making my 
> shopping habits visible to all those annoying advertisers?  Or, in 
> other words, am I compromising my privacy?  Actually, although such 
> dissemination of information can be blocked by a correctly designed 
> firewall, I suspect the "Free IPv6 DSL Modem and Router, Sponsored by 
> <your-favorite-commercial-site>" that comes with your ISP contract, 
> would err on the side of promiscuity.

Why yes, yes you are giving up some of your privacy. And unless you have 
the time and are willing and able to learn how to configure firewalls 
for each device and application you use, or have the money to pay 
someone else you trust to do it for you, there is very little to protect 
you from the rest of the world.

I just finished reviewing my firewall logs for last week. There are 
127MiB with ipmon reports of rejected connection attempts. That's 
actually on the low side for any seven day period. I have some weeks 
that are half again that much. Somebody out there is pounding on that 
firewall pretty hard, trying to break in. I'm certain they don't have my 
best interests at heart. Most of the ports attacked are linked to 
well-known services and worms on one particular OS, which I don't happen to 
have running on my network. But this log tells me that it is important 
to make it as difficult as possible for whoever is knocking on the 
door. I don't see that IPv6 helps improve that protection. In fact, it 
appears to eliminate some of the protection I have now.

Somebody mentioned that NAT broke several protocols when it was 
introduced. That suggests those protocols needed to be fixed or 
replaced. In particular, FTP should have been trashed decades ago. It 
was designed when every system administrator could be held responsible 
for his actions or inaction. That requirement disappeared more than 20 
years ago. Protocols that depended on it should have disappeared with it.

Bob McConnell
N2SPP
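
Added example, not part of the original post: one way to do the weekly log review described above, tallying blocked connection attempts by destination port and by source address. The sample lines are constructed, and their layout (the usual ipmon syslog packet format) is an assumption, since the post does not show its logs.

```python
import re
from collections import Counter

# Constructed sample lines; layout assumed to be ipmon's syslog packet format.
# Action "b" = blocked, "p" = passed; "2x" is ipmon's repeat count.
SAMPLE_LOG = """\
Dec  1 03:12:44 gw ipmon[214]: 03:12:44.102938 fxp0 @0:12 b 203.0.113.7,4312 -> 192.0.2.10,445 PR tcp len 20 48 -S IN
Dec  1 03:12:47 gw ipmon[214]: 03:12:47.220114 2x fxp0 @0:12 b 203.0.113.7,4313 -> 192.0.2.10,445 PR tcp len 20 48 -S IN
Dec  1 03:13:02 gw ipmon[214]: 03:13:02.551020 fxp0 @0:12 b 198.51.100.23,1044 -> 192.0.2.10,135 PR tcp len 20 48 -S IN
Dec  1 03:13:05 gw ipmon[214]: 03:13:05.004417 fxp0 @0:3 p 192.0.2.10,51514 -> 198.51.100.80,80 PR tcp len 20 60 -S OUT
Dec  1 03:13:09 gw ipmon[214]: 03:13:09.730001 fxp0 @0:12 b 198.51.100.23,1045 -> 192.0.2.10,1434 PR udp len 20 404 IN
Dec  1 03:14:30 gw ipmon[214]: 03:14:30.118822 fxp0 @0:12 b 203.0.113.9 -> 192.0.2.10 PR icmp len 20 84 icmp echo/0 IN
Dec  1 03:15:00 gw ipmon[214]: log truncated
"""

LINE_RE = re.compile(
    r"ipmon\[\d+\]:\s+\S+\s+(?:(?P<count>\d+)x\s+)?(?P<iface>\S+)\s+@\S+\s+"
    r"(?P<action>\S+)\s+(?P<src>[^,\s]+)(?:,(?P<sport>[\w-]+))?\s+->\s+"
    r"(?P<dst>[^,\s]+)(?:,(?P<dport>[\w-]+))?\s+PR\s+(?P<proto>\S+)"
)

def summarize(log_text, top=5):
    """Return (top blocked proto/port pairs, top blocked sources, unparsed lines)."""
    ports, sources = Counter(), Counter()
    unparsed = 0
    for line in log_text.splitlines():
        if "ipmon[" not in line:
            continue                      # other daemons sharing the log file
        m = LINE_RE.search(line)
        if not m:
            unparsed += 1                 # keep count so format drift is noticed
            continue
        if m["action"] != "b":
            continue                      # only rejected attempts are of interest
        n = int(m["count"] or 1)          # honour the "Nx" repeat prefix
        ports[(m["proto"], m["dport"] or "-")] += n   # ICMP has no port
        sources[m["src"]] += n
    return ports.most_common(top), sources.most_common(top), unparsed

if __name__ == "__main__":
    top_ports, top_sources, unparsed = summarize(SAMPLE_LOG)
    for (proto, port), hits in top_ports:
        print(f"{hits:6d}  {proto}/{port}")
    for src, hits in top_sources:
        print(f"{hits:6d}  {src}")
    print(f"unparsed ipmon lines: {unparsed}")
```
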