From: Kevin Oberman (no email)
Date: Sat Jan 01 2005 - 17:48:21 EST
> From: "Stephen Sprunk" <>
> Date: Fri, 31 Dec 2004 22:42:17 -0600
> Sender:
>
>
> Thus spake <>
> >
> > as one who has been "bit" by this already - i can say amen to
> > what Rob preacheth... the hardest part is getting folks up to
> > speed on IPv6 as a threat vector.
>
> Are there any layman-readable presentations or whitepapers out there that
> discuss what _new_ threat vectors IPv6 brings? Or how firewall or ACL
> tuning might be different?
>
> > Swat teams that can neutralize an IPv4 based flareup in minutes/
> >hours can take days/weeks to contain a v6 channel...
>
> The thing about that is that, if IPv6 is identified as the channel, it's
> still quite possible to shut down IPv6 connectivity until you figure out how
> to fix things. After all, there's nothing significant out there yet on v6
> that can't be reached with v4...
Stephen,
This may the case in your world, but in mine there are a few major
international research projects that are IPv6 only and I am not in a
position where I can just shut down IPv6 at some spot and assume that
customers won't notice (or at least won't care).
-- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: Phone: +1 510 486-8634
|
|
|