Re: [v6ops] Hmm. Interesting article...
Owen DeLong <owen@delong.com> Tue, 02 February 2016 17:45 UTC
Return-Path: <owen@delong.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7CB8F1B2DCB for <v6ops@ietfa.amsl.com>; Tue, 2 Feb 2016 09:45:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.102
X-Spam-Level:
X-Spam-Status: No, score=-6.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_ALL=0.8, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S7XADcX__7MC for <v6ops@ietfa.amsl.com>; Tue, 2 Feb 2016 09:45:42 -0800 (PST)
Received: from owen.delong.com (owen.delong.com [192.159.10.2]) by ietfa.amsl.com (Postfix) with ESMTP id 0BC3A1B2DB7 for <v6ops@ietf.org>; Tue, 2 Feb 2016 09:45:41 -0800 (PST)
Received: from [IPv6:2620::930:0:ba09:8aff:feb9:f57f] ([IPv6:2620:0:930:0:ba09:8aff:feb9:f57f]) (authenticated bits=0) by owen.delong.com (8.14.5/8.14.5) with ESMTP id u12Hi2V3025666 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 2 Feb 2016 09:44:39 -0800
Content-Type: text/plain; charset="euc-kr"
Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\))
From: Owen DeLong <owen@delong.com>
In-Reply-To: <56B0BE2B.5050408@si6networks.com>
Date: Tue, 02 Feb 2016 09:44:39 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <10DF2D0B-4E24-432C-9770-FE395066D12C@delong.com>
References: <165F7549-2A4C-44C3-9FBA-3AF69DE50110@cisco.com> <CAHw9_iLDjyZ6CKUjcyqUBe3-_EJxDekG7a1cPVLpF_U9tVvUgQ@mail.gmail.com> <56AFD626.1000802@bogus.com> <FBABBC18-CFFA-46C9-A63C-B86FE2CFFC94@cisco.com> <6EB29183-FA9A-4B94-BD68-115DB190FE65@delong.com> <56B06129.7090301@si6networks.com> <657448B4-4F56-445A-8862-8E0EB8D1A8B2@delong.com> <56B0BE2B.5050408@si6networks.com>
To: Fernando Gont <fgont@si6networks.com>
X-Mailer: Apple Mail (2.3112)
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7 (owen.delong.com [IPv6:2620:0:930::200:2]); Tue, 02 Feb 2016 09:44:39 -0800 (PST)
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/p37j8P2NuGMqeHuUceq95U0wiHM>
Cc: "v6ops@ietf.org" <v6ops@ietf.org>
Subject: Re: [v6ops] Hmm. Interesting article...
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Feb 2016 17:45:47 -0000
> On Feb 2, 2016, at 06:33 , Fernando Gont <fgont@si6networks.com> wrote: > > On 02/02/2016 10:20 AM, Owen DeLong wrote: >> >>> On Feb 1, 2016, at 23:56, Fernando Gont <fgont@si6networks.com> wrote: >>> >>>> On 02/01/2016 07:25 PM, Owen DeLong wrote: >>>> [...] >>>> >>>> The thing that strikes me most about this is that a host which has an >>>> adequate stateful inspection firewall in front of it realy has no more issue >>>> from it’s IPv6 address being harvested than it does from its IPv4 >>>> address being harvested, so I’m not seeing how this is news or how it really >>>> represents any sort of inherent vulnerability. >>>> >>>> Perhaps someone can enlighten me as to how this is some new security >>>> issue we should be concerned about, but for now, it appears to me as if >>>> it is much ado about nothing. >>> >>> Maybe in that in IPv4 you typically have a NAT in front of your node, >>> where in IPv6 you don't necessarily have a fw? >>> >> >> If you're running a host without any sort of filter, that's really not a problem we should be solving at the network level. That's more of an educational problem. > > There's a reason for deploying network-based firewalls: > <https://tools.ietf.org/html/draft-gont-opsawg-firewalls-analysis-01> A network-based firewall is one form of filter. I’m not sure why you think my statement was antithetical to that. Owen
- [v6ops] Hmm. Interesting article... Fred Baker (fred)
- Re: [v6ops] Hmm. Interesting article... Warren Kumari
- Re: [v6ops] Hmm. Interesting article... Fred Baker (fred)
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... joel jaeggli
- Re: [v6ops] Hmm. Interesting article... Fred Baker (fred)
- Re: [v6ops] Hmm. Interesting article... Ted Lemon
- Re: [v6ops] Hmm. Interesting article... joel jaeggli
- Re: [v6ops] Hmm. Interesting article... Ca By
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Mark Smith
- Re: [v6ops] Hmm. Interesting article... Ray Hunter (v6ops)
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Ray Hunter (v6ops)
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Fred Baker (fred)
- Re: [v6ops] Hmm. Interesting article... Fred Baker (fred)
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Enno Rey
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Howard, Lee
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Ca By
- Re: [v6ops] Hmm. Interesting article... Ca By
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Tim Chown
- Re: [v6ops] Hmm. Interesting article... Fred Baker (fred)
- Re: [v6ops] Hmm. Interesting article... Mark Smith
- Re: [v6ops] Hmm. Interesting article... Mark Smith
- Re: [v6ops] Hmm. Interesting article... Enno Rey
- Re: [v6ops] Hmm. Interesting article... Mark Smith
- Re: [v6ops] Hmm. Interesting article... Joe Touch
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Joe Touch
- Re: [v6ops] Hmm. Interesting article... 🔓Dan Wing
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Mark Smith
- Re: [v6ops] Hmm. Interesting article... Joe Touch
- Re: [v6ops] Hmm. Interesting article... Tom Herbert
- Re: [v6ops] Hmm. Interesting article... Ca By
- Re: [v6ops] Hmm. Interesting article... Nick Hilliard
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Mark Smith
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Joe Touch
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Fernando Gont
- Re: [v6ops] Hmm. Interesting article... Tim Chown
- Re: [v6ops] Hmm. Interesting article... Owen DeLong
- Re: [v6ops] Hmm. Interesting article... Fernando Gont