Disabling ipv6

Fernando Lozano fernando at lozano.eti.br
Fri Jul 12 14:41:41 UTC 2013


Hi,

> Tim:
>>> If manufacturers and software programmers don't pull their fingers
>>> out, we'll be faced with even more ISPs subjecting their clients to
>>> NAT.
> Fernando Lozano:
>> Would this be so bad? Most people at work have been working using NAT
>> for years. NAT increases security. Most internet users don't need to
>> run servers.
> Yes it would.  NAT doesn't really increase security.  It gives the
> illusion of doing so, because it usually breaks networking, but not
> always (just one reason why you shouldn't pretend it's a firewall).
IMHO globally-addressable client devices increase security risks. NAT 
makes some things more complicated, but I'd rather improve NAT 
technologies and application protocols to work with them. Many experts 
argue in favor of NAT even for IPv6 networks, see for example:

http://searchenterprisewan.techtarget.com/tip/Why-IPv6-wont-rid-the-Internet-of-Network-Address-Translation

> Users do things that act like servers, and require connections to get
> through to them.
IMHO they shouldn't. End users will never know enough to implement 
proper network security. Cloud services would provide better 
alternatives to most "server-like" things users would want to do, with 
cheap and free options.

> Just a few things that become nightmarish with NAT:
>
>    Using some FTP servers.
It's a protocol broken by design, with connection call-back connections. 
I'd eliminate FTP altogether.


>    Sending files through instant messenger clients.
Put Dropbox, Google Drive or the like support in IM clients. Push for a 
standard REST API for this kind of service, so IM developers don't have 
to write code for a myriad different services.


>    Voice over IP.
Improve VoIP protocols. Most VoIP users will anyway depend on 
centralized servers for reliability (like Skype supernodes), presence, 
authentication, or interoperability with POTS and cell services.


>    Using any type of peer-to-peer software.
IMHO peer-to-peer in general is a broken concept. It's nice for 
experimentation, good for politics (you won't depend on a big 
corporation) but increases network security risk. There are technical 
alternatives to peer-to-peer designs that IMHO lend to better security 
and QoS. On the political side, standards and NGOs should prevent 
dominance by big corporations.

Cloud VPN services would allow end-users to get connections to their 
home machines if they want, at the same time without exposing them to scans 
and attacks from the whole Internet. I'd focus on improving those offerings.


[]s, Fernando Lozano


