On 07/12/10 16:49, Bob McConnell wrote: > Gavin Carr wrote: >> On Mon, Dec 06, 2010 at 08:55:17PM -0500, Bob McConnell wrote: >>>> 3) When I connect my IPV6 refrigerator with its automatic inventory >>>> system tracking every RFID-enabled carrot I use, won't I be making my >>>> shopping habits visible to all those annoying advertisers? Or, in >>>> other words, am I compromising my privacy? Actually, although such >>>> dissemination of information can be blocked by a correctly designed >>>> firewall, I suspect the "Free IPv6 DSL Modem and Router, Sponsored by >>>> <your-favorite-commercial-site>" that comes with your ISP contract, >>>> would err on the side of promiscuity. >>> Why yes, yes you are giving up some of your privacy. And unless you have >>> the time and are willing and able to learn how to configure firewalls >>> for each device and application you use, or have the money to pay >>> someone else you trust to do it for you, there is very little to protect >>> you from the rest of the world. >> >> That's at least overstated, and at worst complete FUD. Generic modems and >> routers will be configured as they are now - with stateful firewalls >> blocking all incoming traffic, except for streams initiated internally. >> Outgoing connections that would have worked before via NAT continue to >> work, but without NAT. Stateful firewalls are still stateful firewalls. >> >> Where are you giving up some of your privacy? The number of hosts on >> your internal network? So allocate 256 ips (or 65k, if you like) to every >> host and use a random ip from that set for every distinct service or >> outgoing connection. >> >> There _is_ more information leakage with ipv6, in the sense that you are >> using a real ip from an internal machine on the connection. But the >> point is that the security benefit of that is largely illusory, security >> by obscurity. > > No, it is not FUD, it is a real concern by people with much to lose. > Those of you evangelizing this new, and still unproven technology can't > seem to recognize this simple fact. This is FUD. IPv6 has been talked about and worked on for about 15 years, the early talks about IPv6 started in the early 1990's. It's been implemented in most OSes over the last 10 years. It's been available to users for a long time. But a reluctant market who is not willing to change until it's absolutely needed have delayed the implementation. Now we're running out of IPv4 addresses pretty soon, and system admins and network implementers begins to feel the heat. <http://datatracker.ietf.org/wg/ipv6/> Notice that the IETF IPv6 Working Group concluded their work Jun 2007. For more information, also check out: <http://www.ipv6actnow.org/info/statement/> Based on the list of supporters, it also seems to quite proven. I meet every day more and more Internet services which provides both IPv4 and IPv6 services. IPv6 is in production many places already. Did you know that these sites already provide IPv6? <http://ipv6.google.com> <http://www.v6.facebook.com> <http://www.heise.de> None of them are small. A-Pressen, a Norwegian media group, is looking into rolling out IPv6 to the vast majority of on-line newspapers. That IPv6 is unproven, is simply a false statement. > I consider that information leakage to be very significant. It > advertises the presence of another computer with explicit information on > where to reach it. Regardless of the firewall, none of which are > perfect, this increases the exposure of my systems in an adverse > fashion. It increases my risk of being penetrated by someone I probably > don't want rummaging around in my files. But I don't see any additional > protection being offered to replace what is being taken away. There is no more information leakage in IPv6 compared to IPv4. In IPv4 and IPv6 you still have to use public IP addresses to communicate with the rest of the world. The only difference with IPv4 + NAT is that all computers on the inside uses your firewalls public IP address. That's actually an even worse situation in my opinion. As that tells an attacker where your firewall is. With IPv6, you can have your firewall with whatever IPv6 address you want, and an attacker don't know if he is hitting a firewall or the destination host. Which means the attacker will know *less* about the attack vector than with IPv4. And due to the enormous address space IPv6 gives each single site, doing a brute-force attack against more IP addresses will be a never-ending story. Try to double 4.294.967.296 32 times, and you'll have the number of addresses available *only to you* in *one* /64 subnet. If you then even introduce IPv6 Privacy Extensions, which will randomise and change the IPv6 address regularly, an attacker will shoot at a moving target. Then put this "moving target" behind a firewall which doesn't provide access from the outside to the inside (only from inside to outside), and the attacker will not know if he hits or not. (This is seen from an IPv6 client side perspective, as for the server side perspective, the situation is more or less identical to IPv4) And if you're afraid if you're firewall "drops its pants", then place two ore more firewalls in cascade. If one of them fails, the second or the following one(s) will cover it. If you have a need for a totally "secret network", each network adapter can be assigned with as many IPv6 addresses you would like, so those machines you like to give access to the rest of the world may have that and those who are purely internal may be that as well, on a separate subnet not being routed outside your network. You can even put them in a separate VLAN which is not routed to the outside at all, thus keeping that network only to yourself. And if you insist on having all clients using *one* IP address out to the world, you have network proxies, like Squid [1]. This is a more proper way to do what you want, instead of abusing NAT as a security feature. NAT was not created for security. It was created to prolong the lifetime for IPv4. kind regards, David Sommerseth [1] <http://wiki.squid-cache.org/Features/IPv6>