Hi Adam, 

> And recent computer or distributions is sitting there quietly waiting
> for its IPv6 address to arrive - probably automatically, via auto
> discovery.  Clients are trivial.

... and that is EXACTLY the biggest problem with IPv6. 

'Introducing' IPv6 happens automatically in most cases, and inadvertently as
well. The moment ISPs start supporting IPv6 for their customers will be a
security nightmare, because IPv6 firewalls will not be configured on most
networks, and the pseudo-security of NAT will no longer be in effect.

In fact, a very large number of networks (especially those currently relying on 
NAT 'security') will be completely exposed to the Internet without any 
protection, and the bad thing is that you just don't have to do anything to 
make it 'work'. From one day to the other, IPv6 connectivity will be there and 
most people won't even notice until it's too late. 

One may only hope that home router manufacturers will deliver standard 
configurations with all incoming IPv6 traffic (except answers to outgoing 
packets, obviously) blocked by default, but I'm not very optimistic :-(

So, before you do anything else, set up proper incoming and outgoing IPv6 port 
filtering rules on your perimeter routers. It will save you a hell of a 
headache. 

  Peter.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
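
Added example, not part of the original message: a small Python audit of `ip6tables-save` output that checks the two properties the message asks for on a perimeter router, namely inbound IPv6 denied by default and replies to outgoing traffic still accepted. The two rulesets and the interface names (eth0 as WAN, eth1 as LAN) are constructed for illustration.

```python
import re

# Constructed ip6tables-save dumps (assumption: eth0 = WAN, eth1 = LAN).
OPEN_RULESET = """*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
"""
FILTERED_RULESET = """*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
"""
REPLY_RULE = re.compile(r"--(?:state|ctstate) \S*ESTABLISHED\S* .*-j ACCEPT")
DENY_ALL = re.compile(r"^-A \S+ -j (?:DROP|REJECT)\b")  # unconditional final rule

def audit(dump):
    """Return findings for the INPUT and FORWARD chains of the filter table."""
    policy = {"INPUT": "ACCEPT", "FORWARD": "ACCEPT"}  # kernel default, no rules loaded
    rules = {"INPUT": [], "FORWARD": []}
    in_filter = False
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):
            in_filter = line == "*filter"
        elif in_filter and line.startswith(":"):
            chain, target = line[1:].split()[:2]
            if chain in policy:
                policy[chain] = target
        elif in_filter and line.startswith("-A ") and line.split()[1] in rules:
            rules[line.split()[1]].append(line)
    findings = []
    for chain in ("INPUT", "FORWARD"):
        ends_in_deny = bool(rules[chain]) and bool(DENY_ALL.match(rules[chain][-1]))
        if policy[chain] != "DROP" and not ends_in_deny:
            findings.append(f"{chain}: no default deny, unsolicited inbound IPv6 passes")
        elif not any(REPLY_RULE.search(r) for r in rules[chain]):
            findings.append(f"{chain}: default deny but no ESTABLISHED rule for replies")
    return findings

if __name__ == "__main__":
    for name, dump in (("open", OPEN_RULESET), ("filtered", FILTERED_RULESET)):
        print(name, audit(dump) or "ok")
```

An empty dump is treated like the open ruleset, which matches a host that gained IPv6 connectivity without anyone loading IPv6 rules. The ICMPv6 accept rule in the filtered sample is there because neighbour discovery and path MTU discovery depend on it.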