Mikael Abrahamsson <swm...@swm.pp.se> writes: > I just had a discussion with people from an ISP in the process of > implementing IPv6. They were afraid of turning on IPv6 for customers > who had purchased their own routers themselves, because these routers > might not have IPv6 firewalling on by default, thus exposing customers > who used to be "protected" by IPv4 NAT, to now be exposed with > unfirewalled IPv6.
As an ISP: If you don't manage the CPE, should you even care? yes, yes, being nice is good. But this is an impossible task. There is no way you can make assumptions about the security of any unmanaged CPE, with or without IPv6. If you care about the security of arbitrary customer owned devices, then you should probably start by disabling IPv4. Bjørn
