On Tue, Dec 7, 2010 at 10:29 AM, Bob McConnell <rmcconne at lightlink.com> wrote: > Adam Tauno Williams wrote: >> On Mon, 2010-12-06 at 18:28 -0500, Bob McConnell wrote: >>>> IPv6 is not broken by design. NAT was implemented to extend the time >>>> until IPv4 exhaustion. A side effect was hiding the internal IPv4 >>>> address, which complicates a number of protocols like FTP and SIP. The >>>> only downside I see is ISPs could try and charge based on the number >>>> of IPv6 addresses being used. >>> No, the downside is that each address used will be exposed to the world. >> >> False. That is *NOT* a downside. >> >> NAT is *NOT* a magic sauce - install a firewall [which you probably >> already have]. Problem solved. >> >>> I consider that a serious security flaw. >> >> It is not. >> >>> Having my ISP know how many >>> computers I have is a minor issue covered by the contract I have with >>> them. >> >> So you want to cheap on the legal contract you agreed to? > > No, if they want too much money before I can install additional > computers, I have several other choices, some of which will likely be > less expensive. Currently, their TOS is not an issue. > >>> But having all of those addresses exposed to Russian mobsters, >>> terrorists, crackers and everyone else that knows how to capture packets >>> is another matter altogether. If IPv6 exposes that information to the >>> world, it is definitely unsafe to use. >> >> The "Russian mobsters" can already do that; if you think NAT is >> protecting you from that then you are mistaken. > > NAT hides the IP addresses of the computers inside my firewall. The only > address exposed is the temporary address assigned to the firewall > itself. That box can be run on the most secure OS I can find (currently > one of the BSD's), and allows me to operate other systems behind it that > aren't as well protected. This makes it significantly more difficult for > those mobsters to penetrate my network. Is 172.16.10.72 a private address of yours or of your ISP?