Mailinglist Archive: opensuse (1599 mails)

< Previous Next >
Re: [opensuse] Practicalities of IPv6
It means that in the early days of migration (specially if people are
not aware of providers suddenly present a dual stack to their
customers) will find their network highly exposed.... (imho that's the
main reason for getting your feet wet early)
Is that a _real_ issue to worry about, Hans? If a customer is
IPv4-only, and his provider decides to offer IPv6 too without telling
the customer, I don't see that changing anything for the customer. His
network equipment isn't just going to switch into dual-stack just like
that.
For instance, my provider set up IPv6 on my ADSL line Thursday night,
and didn't tell me until Friday morning. I can assure you it did not
affect my site security at all.

Your provider has nothing to do with it.

(a) I enter your building and plug into your network.
(b) I instantly have an IPv6 link-local address.
(c) I can communicate with all IPv6 enabled devices
- Every Windows Vista / 7 box
- Every LINUX box
- Most UNIX boxes
- Possibly your switches and other devices.
* Unless you have manually disabled IPv6 on all the above.
(d) Your IPv4 firewalls on those devices don't do anything to stop me.

This has been demonstrated, and malware can use IPv6 internally too.

Your connection to your &@^&*! provider is not the only attack surface
on your network. It probably isn't even your most significant.

It is pretty well documented that (a) is frighteningly easy to do most
places.

--
OpenGroupware developer: awilliam@xxxxxxxxxxxxx
<http://whitemiceconsulting.blogspot.com/>
OpenGroupare & Cyrus IMAPd documenation @
<http://docs.opengroupware.org/Members/whitemice/wmogag/file_view>

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups