On Nov 13, 2014, at 12:12 PM, Michael Thomas <[email protected]> wrote: > That said, I really do wonder -- given how trivial it is with v6 to get a > GUA, -- how easy it is > to keep things within, say, the home that we don't want to accidentally > leaking out onto > the internet from doing so[*]. My guess: hard.
Unfortunately, I think that we don't have a ready answer for this. Even if you have a firewall that emulates the behavior of a NAT in terms of preventing unsolicited incoming connections, any device on the network can in principle connect off network. The only way to prevent this is to have specific policies per device, which pretty much requires a UI. So e.g. if your printer is programmed to check the vendor's site for updates, you would have to explicitly block it from doing so if you wanted it to be invisible to off-network surveillance. _______________________________________________ homenet mailing list [email protected] https://www.ietf.org/mailman/listinfo/homenet
