Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-21 Thread Gert Doering
Hi, On Sun, Jul 20, 2014 at 03:50:24PM -0700, David Lang wrote: I'm well aware of all the bullshit that is knocking on my doors all day. Point is, firewalls on the *routers* are not going to help the laptop that moves around, attaches to a Wifi Hotspot, is hacked there, gets moved back

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-21 Thread David Lang
On Mon, 21 Jul 2014, Gert Doering wrote: Hi, On Sun, Jul 20, 2014 at 03:50:24PM -0700, David Lang wrote: I'm well aware of all the bullshit that is knocking on my doors all day. Point is, firewalls on the *routers* are not going to help the laptop that moves around, attaches to a Wifi

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-21 Thread Gert Doering
Hi, On Mon, Jul 21, 2014 at 12:18:46AM -0700, David Lang wrote: While it is nice to say that IPv6 has a large address space and so nobody will ever scan it, I don't believe it. Don't believe. Try math. 2^64 is big enough that if you manage to send a few 1000 packets a second, you'll need

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-21 Thread David Lang
On Mon, 21 Jul 2014, Gert Doering wrote: On Mon, Jul 21, 2014 at 12:18:46AM -0700, David Lang wrote: While it is nice to say that IPv6 has a large address space and so nobody will ever scan it, I don't believe it. Don't believe. Try math. 2^64 is big enough that if you manage to send a few

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-20 Thread David Lang
On Sat, 19 Jul 2014, Gert Doering wrote: On Fri, Jul 18, 2014 at 04:08:02PM -0700, David Lang wrote: go do a tcpdump of your WAN interface some time, look at all the attacks that are going on there (especially with an ISP that's not blocking it for you) I'm well aware of all the bullshit

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-19 Thread Gert Doering
Hi, On Fri, Jul 18, 2014 at 04:08:02PM -0700, David Lang wrote: Yes, there will be some attacks that get through and start from the inside, but there are far fewer that get into my network than to get into the network of everyone I share an ISP with. I also don't want these random

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-19 Thread Russell Senior
> "David" == David Lang <da...@lang.hm> writes:

David> go do a tcpdump of your WAN interface some time, look at all
David> the attacks that are going on there (especially with an ISP
David> that's not blocking it for you)

Bear in mind, scanning an IPv6 network is a self-inflicted denial-of-service

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-18 Thread Gert Doering
Hi, On Thu, Jul 17, 2014 at 10:20:09AM +0200, Steven Barth wrote: Regarding firewalling: I understand and support your point for end-to-end connectivity though there are still quite a few people (including myself) who have reservations about the security implications. This discussion

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-18 Thread Gert Doering
Hi, On Thu, Jul 17, 2014 at 12:07:57PM -0400, Soren Harward wrote: the worst case scenario is that the user's machine gets compromised. This is an extremely likely case, but it will not happen by a network based attack. Compromises these days on end hosts happen due to garbage the users click

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-18 Thread Bill
Gert Doering wrote: On Thu, Jul 17, 2014 at 10:20:09AM +0200, Steven Barth wrote: Regarding firewalling: I understand and support your point for end-to-end connectivity though there are still quite a few people (including myself) who have reservations about the security implications. This

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-18 Thread David Lang
On Fri, 18 Jul 2014 10:21:56 -0700, Bill wrote: Gert Doering wrote: On Thu, Jul 17, 2014 at 10:20:09AM +0200, Steven Barth wrote: Regarding firewalling: I understand and support your point for end-to-end connectivity though there are still quite a few people (including myself) who have

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-18 Thread Stefan Lippers-Hollmann
Hi On Saturday 19 July 2014, David Lang wrote: On Fri, 18 Jul 2014 10:21:56 -0700, Bill wrote: Gert Doering wrote: On Thu, Jul 17, 2014 at 10:20:09AM +0200, Steven Barth wrote: [...] P.S. No, my printer is not v6-ready, either, but let's assume there are some that are... If you're

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-17 Thread Dirk Neukirchen
On 16.07.2014 22:41, Gui Iribarren wrote: On 16/07/14 16:21, Bill Moffitt wrote: However, for the moment, I would argue that the rightness of following expected behavior is greater than the rightness of delivering the true end-to-end nature of v6. At least Swisscom (according to Baptiste)

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-17 Thread Steven Barth
Hi Dirk, thanks for your help. I'll try to add some more documentation for the IPv6 stuff in the near future. In general the aim is to make stuff comply with RFC 7084 (successor of 6204) as closely as possible (with only 1 or 2 exceptions on purpose). In general I'm not sure if anyone has

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-17 Thread Ondřej Caletka
On 16.7.2014 22:41, Gui Iribarren wrote: I expect that, over time, users will become accustomed to the end-to-end nature of the v6 Internet and may demand that the firewall be open by default, and I would certainly propose that we have a simple checkbox in LUCI that allows the

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-17 Thread Fernando Frediani
Hello guys, This discussion is becoming each day more confusing for something, which for me, is very simple assuming the following: - IPv6 as IPv4 should block *any incoming connection* on the WAN interface including those directed to the LAN IPs behind it. - If a client in the LAN

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-17 Thread Baptiste Jonglez
On Thu, Jul 17, 2014 at 03:21:32PM +0100, Fernando Frediani wrote: Hello guys, This discussion is becoming each day more confusing for something, which for me, is very simple assuming the following: - IPv6 as IPv4 should block *any incoming connection* on the WAN interface including

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-17 Thread Soren Harward
On Thu, Jul 17, 2014 at 11:23 AM, Baptiste Jonglez bjong...@illyse.org wrote: ... without having to explicitly configure your firewall. And this is the opinion that I, and many others, disagree with. I look at it from the principle of minimizing the worst case scenario. We could allow all (or

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-17 Thread Fernando Frediani
Hello Baptiste, Clarifying my point: I meant "From common sense" and also "From widely accepted practice". One that may use applications that may need to be reachable from outside can adjust the firewall manually to reflect that for the desired ports, which is not a big deal, or even by

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-17 Thread Benjamin Cama
Hi Bill, On Wednesday 16 July 2014 at 12:21 -0700, Bill Moffitt wrote: All these routers today, of course, necessarily come NATted, meaning no ports are open to the Internet. Users are accustomed to being able to connect their computers to the router's network and be shielded from

[OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-16 Thread Bill Moffitt
I'd like to chime in to this thread as someone who has spent a fair bit of time supporting end users (primarily home and small office users) setting up and using consumer grade routers. All these routers today, of course, necessarily come NATted, meaning no ports are open to the Internet.