On Wed, 1 Mar 2017, Bjørn Mork wrote:
As an ISP: If you don't manage the CPE, should you even care?
That is good question. In Sweden ISPs have gotten in trouble historically for not filtering stuff and customers files were exposed. For instance when ETTH had people plug their computers directly into the ETTH RJ45 jack (12-15 years ago), had no-password SMB shares on their computers, and there was no broadcast filtering on the LAN. Then they could "see" other users SMB shares and access them, and this made the papers as "unsecure". This was blamed on ISPs, not users.
So when IPv6 now comes along, ISPs are scared that users might have no-firewall IPv6 devices, so when IPv6 is enabled all of a sudden lots of unsecured devices are then reachable from the Internet, devices that were configured in that way because before NAT "protected" them.
yes, yes, being nice is good. But this is an impossible task. There is no way you can make assumptions about the security of any unmanaged CPE, with or without IPv6.
I tend to agree, but I can also understand why an ISP might hesitate in this case.
-- Mikael Abrahamsson email: [email protected]
