On Sun, Apr 27, 2014 at 04:29:18PM +0200, Jeroen Massar wrote:
>
> This seems completely unrelated to mtr or let alone Debian...
>
> If your tunnel is "broken", then report that to SixXS, there is a nice
> ticket system at https://www.sixxs.net/tickets/. Do provide actual
> details instead of making factless statements in the Debian bug system.
>
> I am one of the users of the chzrh02 PoP and is working like a charm.
> And the rare of chance that it does not, it typically gets reported by
> multiple users and also resolved very quickly. Init7 definitely does care.
>
> If you thus have issues, it definitely is something you have to look into.
I personally have a good understanding of IPV4 and how I've secured my
network against attacks from outside. I know what I'm doing. This
means that I make decisions about what to protect against and what I
won't protect against.
I have decided that I will have "fence security": I protect the
outside, I do not put any effort into protecting my machines from an
attacker who is able to access my network. (either by physically
plugging in or by getting control over a machine on my network).
Now this fancy IPV6 comes along. I've been pusing my hosting provider
for an IPV6 address so that I can gain some experience. I'm not
getting it. My provider at work doesn't give me IPV6 access. My
provider at home doesn't. I could tunnel apparently, but although we
hear that IPV4 addresses are running out any moment now time and time
again, nobody around me seems to be hurrying....
The little I know about IPV6 is that there won't be a need to
"masquerade" like we do now. Well, that masquerading is part of my
security strategy. It is for a lot of people. Their machines are not
on a globally routable IP address range, and their border router just
like mine will masquerade for outgoing addresses and automatically
prevent incoming connections, unless explicitly enabled (port
forwarding).
I know that my machines, when running a recent distribution, obtain an
IPV6 address. If my home router suddenly started giving my home
machines routable IPV6 addresses that would break my "fence". You'd
suddenly be able to connect to my home machine's http port, which for
example has my paragliding logbook database available to anybody who
can connect. No password no nothing. Just the fence.
I don't have control over the modem. The modem might be upgradeable by
the provider. Or the modem may already be IPV6 enabled, but for now it
doesn't get a routable IPV6 address from the provider. When they change
that, all of a sudden the IPV6 addresses on my network may become
routable.
So... best thing to do is to make sure my machine will never talk
IPV6. How about I compile a kernel without IPV6? Or maybe just boot
with ipv6disable=1?
Roger.
--
** r.e.wo...@bitwizard.nl ** http://www.BitWizard.nl/ ** +31-15-2600998 **
** Delftechpark 26 2628 XH Delft, The Netherlands. KVK: 27239233 **
*-- BitWizard writes Linux device drivers for any device you may have! --*
The plan was simple, like my brother-in-law Phil. But unlike
Phil, this plan just might work.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
