Disabling ipv6
Fernando Lozano
fernando at lozano.eti.br
Thu Jul 11 16:41:47 UTC 2013
Hi,
>> Would this be so bad? Most people at work have been working using
>> NAT for years. NAT increases security. Most internet users don't
>> need to run servers.
> NAT does NOT increase security. NAT is a combination of a stateful
> firewall with a packet mangler; the security comes from the firewall,
> not the mangler. Leave out the packet mangling; use a firewall and
> "real" IPs.
If NAT prevents anyone from the internet to try to connect to my
computer, this is increased security. After all, don't we configure
firewalls exactly to prevent unwanted connections?
Of course NAT alone does not brings security. But as I understand TCP/IP
networks, NAT does help security.
Not having NAT means having everyone, every device and computer with a
real, public internet address. This means more potential targets for
hackers.
> Lots of Internet users run servers and don't even know it; any peer to
> peer system is a server on one end. Look at all the hoops software has
> to jump through to try to work through NAT (and especially multiple
> layers of NAT), sometimes failing and frustrating users.
NAT is a fact today, has been for years, and people have been using
Bittorrent and Skype regardless.
For home users and SMBs, NAT is something that was taken care of. IPv6
is a whole new bunch of risks. I am not against IPv6 per se. I am
against wide use of IPv6 right now. Let it mature.
> As IPv4 runs out, some ISPs are turning to "Carrier Grade NAT", which
> adds layers of NAT that break things like P2P applications and IPSec.
I'll happily trade IPSec for OpenVPN. ;-)
> In any case, IPv6 should be enabled by default because users may connect
> to IPv6 networks and need it to "just work", just like IPv4. They
> aren't power users that know how to tweak hidden options, they just want
> to use the network.
To just use the network they need only IPv4. They don't need the
security risks that current IPv6 implementation and default
configurations adds. Today, IPv6 is far from "just works". You are
advocating using all end users as guiena pigs for IPv6 evolution. I
advocate evolving IPv6 before exposing end users to ti.
[]s, Fernando Lozano
More information about the users
mailing list