Lew Wolfgang wrote:
On 09/11/2016 08:36 AM, Per Jessen wrote:
El 2016-09-11 a las 16:45 +0200, Per Jessen escribió:
Which presumably means an authorized, but incompetent Windows user? Yep. As james says, decent corporate sites have an admin that does not allow normal staff to access. But many small sites do not have a Windows server or a full admin to do it. Then they're asking for it. No RFC or mitigating features can
Carlos E. R. wrote: prevent an incompetent idiot from shooting himself in the foot. It is unfortunate, but any tool can become a hazard if operated by an incompetent or unskilled individual. But they don't shoot their own foot, but the foot of others. in this case, Linux users in the same network.
In a business setting, whoever it was that allowed common users admin access to Windows is an incompetent idiot.
Well, this was in a research environment where a scientist's desktop was in reality a laboratory instrument. User admin access was required in many cases. This organization has also been on the forefront of IPv6 deployment, I believe it's been dual-stacked for more than ten years. They were operating v6 before dhcpv6 was available.
But the fact remains you can't excuse IPv6's default router insecurity by criticizing user's methods and processes. Rogue router advertisements are an issue, and that is a fact.
Fair enough, it is a fact, but how much of an issue is it? Is it something that someone here ought to address?
IPv6's complexity is another issue.
What complexity is that? I was going to put a smiley, but seriously, what complexity, Lew? The only added complexity I see is the length of an address. All we have added in terms of infrastructure - radvd and dhcpv6. Both are easy to configure. -- Per Jessen, Zürich (17.6°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org