Re: [fw-wiz] IPv6 support in firewalls



On 8/22/07, Darren Reed <darrenr@xxxxxxxxxxxxxxxxx> wrote:
It's not just this, people today want to deploy/build large scale IP
networks where 10/8 isn't enough, not to mention giving those
addresses visibility to the Internet.

NOOOOO! One of the great things about the perceived scarcity of IPv4
space on the Internet is that it finally forced most of the
institutions that were still using public addresses for everything
with an Ethernet port in it to implement NAT (and thus a firewall of
some sort). For nearly two decades, K12's, .gov's, state & locals,
and .edu's just swung their entire network in the public address space
breeze. They rocked out with their netblock out, so to speak.

The thought of a return to that kind of "we've got plenty, put it on
the public net" makes my stomach turn. I turned over a few of those
rocks (putting once public address space behind firewalls and
reviewing the logs) and it wasn't pretty.


The only way that they can plan to do this is by specifying
that IPv6 is used - there is no other alternative.

I say we dust off IPX. Sure, it didn't natively support sockets, but
it had name resolution, server-less dynamic addressing is a snap (or
is that a SAP?), and you won't run out of address space before the
manufacturers do - built in provisioning control! :-)


Anyone want to start a pool/tab on when the sky will reach the ground? :)

We've been swimming in clouds for a long time.

PaulM
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: Chinese censorship, and rooves
    ... newsreader's reference to "The Great Firewall of China". ... Content Regulation on Internet Commerce; ... screening process on communications from networks external to an ... used in the late 1980s to separate networks from one another. ...
    (alt.usage.english)
  • Re: [SLE] Is a VPN the right thing to use here?
    ... > Due to current circumstances, I have two separate networks, L and R, on ... > the same side of an ADSL modem and need to setup a route between them. ... > geographical locations, linked via the Internet. ... adapt the respective firewall configuration, though, and let this traffic pass. ...
    (SuSE)
  • Re: Tracing a Hacker
    ... Assuming you are talking about an attack from the internet, ... your main lines of defense are a firewall, antivirus software that can update itself ... with critical updates at Windows Updates. ... networks and I probably see at least a couple thousand attempts to hack my network ...
    (microsoft.public.security)
  • Re: MSVCRT.DLL error message....HELP! :-)
    ... the machine ever connected to the internet or any networks during those 3 ... Has a firewall been abled at all times? ... It was fully patched during the initial installation. ...
    (microsoft.public.windowsxp.general)
  • Re: avast
    ... > Just did a clean installation of xp pro sp1 and download 'avast anti ... Did you firewall before connecting to the internet? ... Internet and patch with the critical updates? ... Why you should use a computer firewall.. ...
    (microsoft.public.windowsxp.general)