It means that in the early days of migration (specially if people are not aware of providers suddenly present a dual stack to their customers) will find their network highly exposed.... (imho that's the main reason for getting your feet wet early) Is that a _real_ issue to worry about, Hans? If a customer is IPv4-only, and his provider decides to offer IPv6 too without telling the customer, I don't see that changing anything for the customer. His network equipment isn't just going to switch into dual-stack just like that. For instance, my provider set up IPv6 on my ADSL line Thursday night, and didn't tell me until Friday morning. I can assure you it did not affect my site security at all.
Your provider has nothing to do with it. (a) I enter your building and plug into your network. (b) I instantly have an IPv6 link-local address. (c) I can communicate with all IPv6 enabled devices - Every Windows Vista / 7 box - Every LINUX box - Most UNIX boxes - Possibly your switches and other devices. * Unless you have manually disabled IPv6 on all the above. (d) Your IPv4 firewalls on those devices don't do anything to stop me. This has been demonstrated, and malware can use IPv6 internally too. Your connection to your &@^&*! provider is not the only attack surface on your network. It probably isn't even your most significant. It is pretty well documented that (a) is frighteningly easy to do most places. -- OpenGroupware developer: awilliam@whitemice.org http://whitemiceconsulting.blogspot.com/ OpenGroupare & Cyrus IMAPd documenation @ http://docs.opengroupware.org/Members/whitemice/wmogag/file_view -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org