Re: [v6ops] Hmm. Interesting article...
Fernando Gont <fgont@si6networks.com> Thu, 04 February 2016 11:17 UTC
Return-Path: <fgont@si6networks.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 385AE1ACEB2 for <v6ops@ietfa.amsl.com>; Thu, 4 Feb 2016 03:17:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5QjzNj-9xlv4 for <v6ops@ietfa.amsl.com>; Thu, 4 Feb 2016 03:17:40 -0800 (PST)
Received: from fgont.go6lab.si (fgont.go6lab.si [91.239.96.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 150061ACEAF for <v6ops@ietf.org>; Thu, 4 Feb 2016 03:17:39 -0800 (PST)
Received: from [192.168.2.101] (unknown [181.165.125.191]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id 5FCAE206ABD; Thu, 4 Feb 2016 12:17:35 +0100 (CET)
To: Owen DeLong <owen@delong.com>
References: <165F7549-2A4C-44C3-9FBA-3AF69DE50110@cisco.com> <CAHw9_iLDjyZ6CKUjcyqUBe3-_EJxDekG7a1cPVLpF_U9tVvUgQ@mail.gmail.com> <56AFD626.1000802@bogus.com> <FBABBC18-CFFA-46C9-A63C-B86FE2CFFC94@cisco.com> <6EB29183-FA9A-4B94-BD68-115DB190FE65@delong.com> <56B06129.7090301@si6networks.com> <657448B4-4F56-445A-8862-8E0EB8D1A8B2@delong.com> <56B0BE2B.5050408@si6networks.com> <10DF2D0B-4E24-432C-9770-FE395066D12C@delong.com>
From: Fernando Gont <fgont@si6networks.com>
X-Enigmail-Draft-Status: N1110
Message-ID: <56B32D96.9090502@si6networks.com>
Date: Thu, 04 Feb 2016 07:53:10 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1
MIME-Version: 1.0
In-Reply-To: <10DF2D0B-4E24-432C-9770-FE395066D12C@delong.com>
Content-Type: text/plain; charset="euc-kr"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/9Dm7MJDF8wIzGnTv0FI2CxJFcDM>
Cc: "v6ops@ietf.org" <v6ops@ietf.org>
Subject: Re: [v6ops] Hmm. Interesting article...
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Feb 2016 11:17:42 -0000
On 02/02/2016 02:44 PM, Owen DeLong wrote: > >> On Feb 2, 2016, at 06:33 , Fernando Gont <fgont@si6networks.com> wrote: >> >> On 02/02/2016 10:20 AM, Owen DeLong wrote: >>> >>>> On Feb 1, 2016, at 23:56, Fernando Gont <fgont@si6networks.com> wrote: >>>> >>>>> On 02/01/2016 07:25 PM, Owen DeLong wrote: >>>>> [...] >>>>> >>>>> The thing that strikes me most about this is that a host which has an >>>>> adequate stateful inspection firewall in front of it realy has no more issue >>>>> from it’s IPv6 address being harvested than it does from its IPv4 >>>>> address being harvested, so I’m not seeing how this is news or how it really >>>>> represents any sort of inherent vulnerability. >>>>> >>>>> Perhaps someone can enlighten me as to how this is some new security >>>>> issue we should be concerned about, but for now, it appears to me as if >>>>> it is much ado about nothing. >>>> >>>> Maybe in that in IPv4 you typically have a NAT in front of your node, >>>> where in IPv6 you don't necessarily have a fw? >>>> >>> >>> If you're running a host without any sort of filter, that's really not a problem we should be solving at the network level. That's more of an educational problem. >> >> There's a reason for deploying network-based firewalls: >> <https://tools.ietf.org/html/draft-gont-opsawg-firewalls-analysis-01> > > A network-based firewall is one form of filter. I’m not sure why you think my statement was antithetical to that. I took your statement as implying that a host should run its own filters. Looks like it was a misunderstanding on my side -- my apologies. Thanks, -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
- [v6ops] Hmm. Interesting article... Fred Baker (fred)
- Re: [v6ops] Hmm. Interesting article... Warren Kumari
- Re: [v6ops] Hmm. Interesting article... Fred Baker (fred)
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... joel jaeggli
- Re: [v6ops] Hmm. Interesting article... Fred Baker (fred)
- Re: [v6ops] Hmm. Interesting article... Ted Lemon
- Re: [v6ops] Hmm. Interesting article... joel jaeggli
- Re: [v6ops] Hmm. Interesting article... Ca By
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Mark Smith
- Re: [v6ops] Hmm. Interesting article... Ray Hunter (v6ops)
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Ray Hunter (v6ops)
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Fred Baker (fred)
- Re: [v6ops] Hmm. Interesting article... Fred Baker (fred)
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Enno Rey
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Howard, Lee
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Ca By
- Re: [v6ops] Hmm. Interesting article... Ca By
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Tim Chown
- Re: [v6ops] Hmm. Interesting article... Fred Baker (fred)
- Re: [v6ops] Hmm. Interesting article... Mark Smith
- Re: [v6ops] Hmm. Interesting article... Mark Smith
- Re: [v6ops] Hmm. Interesting article... Enno Rey
- Re: [v6ops] Hmm. Interesting article... Mark Smith
- Re: [v6ops] Hmm. Interesting article... Joe Touch
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Joe Touch
- Re: [v6ops] Hmm. Interesting article... 🔓Dan Wing
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Mark Smith
- Re: [v6ops] Hmm. Interesting article... Joe Touch
- Re: [v6ops] Hmm. Interesting article... Tom Herbert
- Re: [v6ops] Hmm. Interesting article... Ca By
- Re: [v6ops] Hmm. Interesting article... Nick Hilliard
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Mark Smith
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Joe Touch
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Tim Chown
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Fernando Gont