Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-21 Thread David Lang
On Mon, 21 Jul 2014, Gert Doering wrote: On Mon, Jul 21, 2014 at 12:18:46AM -0700, David Lang wrote: While it is nice to say that IPv6 has a large address space and so nobody will ever scan it, I don't believe it. Don't believe. Try math. 2^64 is big enough that if you manage to send a few

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-21 Thread Gert Doering
Hi, On Mon, Jul 21, 2014 at 12:18:46AM -0700, David Lang wrote: > While it is nice to say that IPv6 has a large address space and so nobody > will ever scan it, I don't believe it. Don't believe. Try math. 2^64 is big enough that if you manage to send a few 1000 packets a second, you'll need

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-21 Thread David Lang
On Mon, 21 Jul 2014, Gert Doering wrote: Hi, On Sun, Jul 20, 2014 at 03:50:24PM -0700, David Lang wrote: I'm well aware of all the bullshit that is knocking on my doors all day. Point is, firewalls on the *routers* are not going to help the laptop that moves around, attaches to a Wifi Hotspot

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-21 Thread Gert Doering
Hi, On Sun, Jul 20, 2014 at 03:50:24PM -0700, David Lang wrote: > >I'm well aware of all the bullshit that is knocking on my doors all > >day. Point is, firewalls on the *routers* are not going to help the > >laptop that moves around, attaches to a Wifi Hotspot, is hacked there, > >gets moved bac

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-20 Thread David Lang
On Sat, 19 Jul 2014, Gert Doering wrote: On Fri, Jul 18, 2014 at 04:08:02PM -0700, David Lang wrote: go do a tcpdump of your WAN interface some time, look at all the attacks that are going on there (especially with an ISP that's not blocking it for you) I'm well aware of all the bullshit that

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-19 Thread Russell Senior
> "David" == David Lang writes: David> go do a tcpdump of your WAN interface some time, look at all David> the attacks that are going on there (especially with an ISP David> that's not blocking it for you) Bear in mind, scanning an IPv6 network is a self-inflicted denial-of-service attack.

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-19 Thread Gert Doering
Hi, On Fri, Jul 18, 2014 at 04:08:02PM -0700, David Lang wrote: > Yes, there will be some attacks that get through and start from the > inside, but there are far fewer that get into my network than to get > into the network of everyone I share an ISP with. > > I also don't want these random ext

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-18 Thread Stefan Lippers-Hollmann
Hi On Saturday 19 July 2014, David Lang wrote: > On Fri, 18 Jul 2014 10:21:56 -0700, Bill wrote: > > Gert Doering wrote: > > > > On Thu, Jul 17, 2014 at 10:20:09AM +0200, Steven Barth wrote: [...] > > P.S. No, my printer is not v6-ready, either, but let's assume there > > are some that are... If

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-18 Thread David Lang
On Fri, 18 Jul 2014 11:06:18 +0200, Gert Doering wrote: Hi, On Thu, Jul 17, 2014 at 12:07:57PM -0400, Soren Harward wrote: the worst case scenario is that the user's machine gets compromised. This is an extremely likely case, but it will not happen by a network based attack. It won't happen b

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-18 Thread David Lang
On Fri, 18 Jul 2014 10:21:56 -0700, Bill wrote: Gert Doering wrote: On Thu, Jul 17, 2014 at 10:20:09AM +0200, Steven Barth wrote: Regarding firewalling: I understand and support your point for end-to-end connectivity though there are still quite a few people (including myself) who have reservat

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-18 Thread Bill
Gert Doering wrote: On Thu, Jul 17, 2014 at 10:20:09AM +0200, Steven Barth wrote: Regarding firewalling: I understand and support your point for end-to-end connectivity though there are still quite a few people (including myself) who have reservations about the security implications. This discu

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-18 Thread Gert Doering
Hi, On Thu, Jul 17, 2014 at 12:07:57PM -0400, Soren Harward wrote: > the worst case scenario is that the user's machine gets compromised. This is an extremely likely case, but it will not happen by a network based attack. Compromises these days on end hosts happen due to garbage the users click

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-18 Thread Gert Doering
Hi, On Thu, Jul 17, 2014 at 10:20:09AM +0200, Steven Barth wrote: > Regarding firewalling: I understand and support your point for > end-to-end connectivity though there are still quite a few people > (including myself) who have reservations about the security > implications. This discussion

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-17 Thread Benjamin Cama
Hi Bill, On Wednesday 16 July 2014 at 12:21 -0700, Bill Moffitt wrote: > All these routers today, of course, necessarily come NATted, meaning no > ports are open to the Internet. Users are accustomed to being able to > connect their computers to the router's network and be shielded from > u

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-17 Thread Fernando Frediani
Hello Baptiste, Clarifying my point "should" I meant "From common sense" and also "From Widely accepted practice". One that may use applications that may need to be reachable from outside can adjust the firewall manually to reflect that for the desired ports which is not a big deal, or even

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-17 Thread Soren Harward
On Thu, Jul 17, 2014 at 11:23 AM, Baptiste Jonglez wrote: > ... without having to explicitly configure your firewall. And this is the opinion that I, and many others, disagree with. I look at it from the principle of minimizing the worst case scenario. We could allow all (or some, like ports >1

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-17 Thread Baptiste Jonglez
On Thu, Jul 17, 2014 at 03:21:32PM +0100, Fernando Frediani wrote: > Hello guys, > > This discussion is becoming each day more confusing for something, which for > me, is very simple assuming the following: > > - IPv6 as IPv4 should block *any incoming connection* on the WAN > interface inclu

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-17 Thread Fernando Frediani
Hello guys, This discussion is becoming each day more confusing for something, which for me, is very simple assuming the following: - IPv6 as IPv4 should block *any incoming connection* on the WAN interface including those directed to the LAN IPs behind it. - If a client in the LAN in

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-17 Thread Ondřej Caletka
On 16.7.2014 22:41, Gui Iribarren wrote: >> > I expect that, over time, users will become accustomed to the >> > "end-to-end" nature of the v6 Internet and may demand that the firewall >> > be "open" by default, and I would certainly propose that we have a >> > simple checkbox in LUCI that all

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-17 Thread Steven Barth
Hi Dirk, thanks for your help. I'll try to add some more documentation for the IPv6 stuff in the near future. In general the aim is to make stuff comply with RFC 7084 (successor of 6204) as closely as possible (with only 1 or 2 exceptions on purpose). In general I'm not sure if anyone has re

Re: [OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-16 Thread Dirk Neukirchen
On 16.07.2014 22:41, Gui Iribarren wrote: > On 16/07/14 16:21, Bill Moffitt wrote: >> However, for the moment, I would argue that the "rightness" of following >> expected behavior is greater than the "rightness" of delivering the true >> "end-to-end" nature of v6. > > At least Swisscom (according

[OpenWrt-Devel] OpenWRT IPv6 firewall

2014-07-16 Thread Bill Moffitt
I'd like to chime in to this thread as someone who has spent a fair bit of time supporting end users (primarily home and small office users) setting up and using "consumer grade" routers. All these routers today, of course, necessarily come NATted, meaning no ports are open to the Internet. Us