Re: [fw-wiz] IPv6 support in firewalls

Shahin Ansari wrote:
- How is it that ( I have heard ) Asia PAC counties like China have converted to IPv6 already? Given all the security issues you mention ...

There will be interesting times for early adopters. That's what usually
happens. Right now the IPV4 target space is so rich that the attackers
have not set their sights on IPV6. Just wait. Remember - IPV4 got a
10 year grace period, too, until it became predominant. Once it became
widely enough used to represent a big target, then it was feeding time.
IPV6 will be BOHICA for sure.

IPV6 has got a lot of complexity and was designed by a committee. I
guess that's a redundant statement but, well... You get the idea.

- Some purpose having every device support both stack, what are some of the issues you can run into with this? CPU ?

There are all kinds of potential problems. For one thing, you have
multiple stacks and multiple addresses. Now, it's not just a
matter of firewalling off a single network interface - now, "what
is a network interface?" is a more sensible question. Are
there potentials for screwing up a system by bouncing traffic
from one interface to another? We saw that with IPV4 loopback
devices.. And, there's always the code bloat. "Hey, just stick
it in the kernel! After all, we've already linked the kitchen sink
in there! Let's stick a whole 'nother network stack in there
in case some hacker wants to enable it and tunnel traffic
out..."

mjr.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Relevant Pages

  • RE: Transfer a sending packet to upper TCP/IP protocol layer in IM
    ... He's building a gateway across an IPV4 segment. ... AFAIK, all systems that support IPv6 provide this feature anyway, so that I ... the destination NIC of IPv6 packet is the same as the destination NIC of my ... was assuming that tcpip stack can rebuild the L2 header for the encapped IPv4 ...
    (microsoft.public.development.device.drivers)
  • RE: Transfer a sending packet to upper TCP/IP protocol layer in IM
    ... I suggest you look at the IPv6 gateway standards RFCs if you're interested. ... How is he going to get IPv4 address, ... the destination NIC of IPv6 packet is the same as the destination NIC of my ... was assuming that tcpip stack can rebuild the L2 header for the encapped IPv4 ...
    (microsoft.public.development.device.drivers)
  • Re: AAISP?
    ... Premium packages, and considering Max 1 Premium - depending on the ... nothing about IPv6, except that I'd end up with a /48 block if I ... I'd probably settle for setting up a PPPoE forward on my current router ... would I still be able to use the IPv4 ...
    (uk.telecom.broadband)
  • Re: Fast downloads, slow browsing
    ... That article shows you what a normal IPV4 configuration should look like. ... With Windows XP, Microsoft added IPV6, which is more complex and offers much ... Your computer, and the subnet created by the router, appears to be on ... problem was a defective modem. ...
    (microsoft.public.windowsxp.network_web)
  • AAISP?
    ... IPv6 connections available, which is something I would really like to ... nothing about IPv6, except that I'd end up with a /48 block if I ... Currently my router only supports IPv4. ... would I still be able to use the IPv4 ...
    (uk.telecom.broadband)