Re: [OPSEC] [v6ops] 3 Volunteers wanted - Draft: draft-gont-opsec-ipv6-implications-on-ipv4-nets

Warren Kumari <warren@kumari.net> Thu, 16 August 2012 19:40 UTC

From: Warren Kumari <warren@kumari.net>
Date: Thu, 16 Aug 2012 15:40:15 -0400
To: Lee Howard <lee@asgard.org>
Cc: 'v6ops v6ops WG' <v6ops@ietf.org>, opsec@ietf.org, 'Fernando Gont' <fgont@si6networks.com>, Warren Kumari <warren@kumari.net>
Subject: Re: [OPSEC] [v6ops] 3 Volunteers wanted - Draft: draft-gont-opsec-ipv6-implications-on-ipv4-nets

On Aug 14, 2012, at 2:58 PM, Lee Howard wrote:

> From: v6ops-bounces@ietf.org [mailto:v6ops-bounces@ietf.org] On Behalf Of Eric Vyncke (evyncke)
> Sent: Tuesday, August 14, 2012 4:43 AM
> To: Gunter Van de Velde (gvandeve); opsec@ietf.org; v6ops v6ops WG (v6ops@ietf.org)
> Cc: Fernando Gont
> Subject: Re: [v6ops] [OPSEC] 3 Volunteers wanted - Draft: draft-gont-opsec-ipv6-implications-on-ipv4-nets
>  
> -       1.0 please avoid all discussion about NAPT being ‘minimal/simple’ security, the days of scanning are over and have been replaced by malware download/email propagated
>  
>  
> This is demonstrably false, and I can send you logs of scanning attempts foiled by NAPT.  NAT is crap security, but it’s not zero security. 
> 


Heretic!

Actually, I'd go so far as to drop the "crap" from the above -- while it isn't "real" security (whatever that means) it has become cool to simply beat on the NAT. 

Yes, it's not awesome, but it *does* help prevent the secretary's desktop from getting owned quite as often. Yes, he should have it patched, yes it should be capable of protecting itself, yes, there should be a "real" security widget in front of it, but, well… 

W


> Lee

-- 
With Feudalism, it's your Count that votes.