hiyas Wizards, Wunderkinder, adn general brilliant folks on this list., I read this past week soemthing to the effect of "ipv6" isn't secured automagically by firewalls, but must have some special things done to secure it? THe problem, apparently comes about because of the current way ipv6 accesses the internet ( I guess it's as secure as anything can be on a *local* net. ) IIRC one of the reasons the writer felt there was a problem was "ipv6 was easily identified when scanned by various nefarious folk, who would then realise how easy one's boxen were to attack" The further inference was made , in this article, that "The use of *private* ip numbers wouldn't to secure ipv6 computers either." I *think* it was an article in the current Linux Magazine , but am uncertain , as I read it in a Doctor's office, and there were other ( non computer) issues going on at the time as well. I'd appreciate it if anyone can enlighten me further on this issue. IT seems odd that it would be a basic insecurity of a system just to change the ip addressing scheme from ipv4 to ipv6. Does the current "personal" Firewall included by SUse in thier distro , protect this Ip scheme? Is there something specific in Marc's "Firewall2" I should be paying attention to, I'd appreciate a "clue -in" there s well. l Dancing along the bleeding edge , still reaching for the light .... afterthought I am Ginzu of Borg: You will be assimilated, but wait - there's more!
On Friday 19 April 2002 03:11 am, jfweber@bellsouth.net wrote:
hiyas Wizards, Wunderkinder, adn general brilliant folks on this list.,
I read this past week soemthing to the effect of "ipv6" isn't secured automagically by firewalls, but must have some special things done to secure it? THe problem, apparently comes about because of the current way ipv6 accesses the internet ( I guess it's as secure as anything can be on a *local* net. ) IIRC one of the reasons the writer felt there was a problem was "ipv6 was easily identified when scanned by various nefarious folk, who would then realise how easy one's boxen were to attack" The further inference was made , in this article, that "The use of *private* ip numbers wouldn't to secure ipv6 computers either." I *think* it was an article in the current Linux Magazine ,
The article was in the May/02 Linux Magazine (USA edition ). What you mention was in a sidebar, and was not well explained. He basically said that ipv6 firewalling works already and is able to protect your host or lan against unwanted ipv6 traffic. And he says you SHOULD use a firewall because blackhats can connect to your internal boxes, because (he implies, but never states) private address space as defined for ipv4 does not exist in ipv6. But this was not well explained. It was confusing, and I had to read it 3 times. It was written by Dr. Peter Bieringer, the author of the linux ipv6 howto, and he can be reached at pb@bieringer.de Perhaps he can explain it better. -- _________________________________________________ No I Don't Yahoo! And I'm getting pretty sick of being asked if I do. _________________________________________________ John Andersen / Juneau Alaska
participants (2)
-
jfweber@bellsouth.net -
John Andersen