IETF Logo Mail Archive

Re: [v6ops] Thoughts about wider operational input

JORDI PALET MARTINEZ <jordi.palet@consulintel.es> Wed, 30 March 2022 18:27 UTC

Return-Path: <prvs=1088639881=jordi.palet@consulintel.es>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 039053A0817 for <v6ops@ietfa.amsl.com>; Wed, 30 Mar 2022 11:27:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.008
X-Spam-Level:
X-Spam-Status: No, score=-7.008 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=consulintel.es
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AV-F3sd5zv4r for <v6ops@ietfa.amsl.com>; Wed, 30 Mar 2022 11:27:31 -0700 (PDT)
Received: from mail.consulintel.es (mail.consulintel.es [IPv6:2001:470:1f09:495::5]) by ietfa.amsl.com (Postfix) with ESMTP id E81C13A080F for <v6ops@ietf.org>; Wed, 30 Mar 2022 11:27:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=consulintel.es; s=MDaemon; t=1648664847; x=1649269647; i=jordi.palet@consulintel.es; q=dns/txt; h=User-Agent:Date: Subject:From:To:Message-ID:Thread-Topic:References:In-Reply-To: Mime-version:Content-type:Content-transfer-encoding; bh=AadH/QbH PCHYXOdAzh2xI7kCt0/uM5F4bTqzD5g2svU=; b=u6YP63+g9rCHIhHELZYMmfEA T0X5uF12Y/xda4OZ66jue3HKkhNdVE8wwp5AVccOCNQ5wpMPBStZkxg7aKvxrley cKg27Mosdo9aGfHQ5kTW4h/6cOTiqn4MJ2JCINkDHY8VvSyBQDkIONdngAgma32O Kt70lMihPsrXSVMwGV8=
X-Spam-Processed: mail.consulintel.es, Wed, 30 Mar 2022 20:27:25 +0200
Received: from [10.10.10.145] by mail.consulintel.es (MDaemon PRO v16.5.2) with ESMTPA id md50000833739.msg for <v6ops@ietf.org>; Wed, 30 Mar 2022 20:27:24 +0200
X-MDRemoteIP: 2001:470:1f09:495:4d6a:329e:86bd:ee09
X-MDHelo: [10.10.10.145]
X-MDArrival-Date: Wed, 30 Mar 2022 20:27:24 +0200
X-Authenticated-Sender: jordi.palet@consulintel.es
X-Return-Path: prvs=1088639881=jordi.palet@consulintel.es
X-Envelope-From: jordi.palet@consulintel.es
X-MDaemon-Deliver-To: v6ops@ietf.org
User-Agent: Microsoft-MacOutlook/16.60.22022702
Date: Wed, 30 Mar 2022 20:27:20 +0200
From: JORDI PALET MARTINEZ <jordi.palet@consulintel.es>
To: v6ops list <v6ops@ietf.org>
Message-ID: <7228D9A7-54A8-4BAE-9299-204C049F600B@consulintel.es>
Thread-Topic: [v6ops] Thoughts about wider operational input
References: <52661a3d-75dc-111a-3f23-09b10d7cb8d4@gmail.com> <A72CDDDB-CDCE-4EAF-B95E-997C764DB2C4@gmail.com> <9175dc32-45c1-e948-c20a-3bcc958b77b9@gmail.com> <YjmJQMNgnJoSInUw@Space.Net> <D75EF08F-6A41-41B2-AFB2-649CBCC1D83E@consulintel.es> <CAPt1N1nRnYUFA=yyJHx6t52yqWbmcd2Tf1H8gQuCZBd3Q3VqJw@mail.gmail.com> <7F4AEB43-4B24-4A21-AE9D-3EB512B98C46@consulintel.es> <8fac4314b8244ba6b33eea68694296d0@huawei.com> <9A13E47B-75D0-443F-9EE9-D2917ACB2D0F@consulintel.es> <CAO42Z2xUG+BXj+VQpajed9aGjH+q-HR7RX7C-T4DsTbouz7xWQ@mail.gmail.com> <F6A90BBF-7F44-403E-960A-8F756353B562@chinatelecom.cn> <B49417F7-3EFB-4A4D-9D1A-0D21574EA4F2@consulintel.es> <44B01ACA-3D5C-4618-B608-3B3479D29875@consulintel.es> <62447DCB.1010206@jmaimon.com>
In-Reply-To: <62447DCB.1010206@jmaimon.com>
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/DmEBdTJ7oTOmTRnFCTgKd9Vhy4U>
Subject: Re: [v6ops] Thoughts about wider operational input
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Mar 2022 18:27:37 -0000

Because if you don't have NAT, you are forced to properly configure a firewall.

With a NAT, many don't even have a firewall or is not sufficiently well configured.

Regards,
Jordi
@jordipalet
 
 

El 30/3/22, 17:58, "v6ops en nombre de Joe Maimon" <v6ops-bounces@ietf.org en nombre de jmaimon@jmaimon.com> escribió:



    JORDI PALET MARTINEZ wrote:
    >
    > To demonstrate how NAT is not security, you just need to enable Teredo 
    > or any other UDP tunneling traversing the NAT, so the security guys 
    > can see that without any special config in the NAT, you can dig a 
    > whole on it (Teredo Navalis = Shipworm).
    >
    > Regards,
    >
    > Jordi
    >
    > @jordipalet
    >

    And then you need to demonstrate how the equivalent would not happen on 
    IPv6.

    Joe

    _______________________________________________
    v6ops mailing list
    v6ops@ietf.org
    https://www.ietf.org/mailman/listinfo/v6ops



**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

v2.23.0 | Report a Bug | By Email