On Wed, Mar 5, 2008 at 2:44 PM, Brandon S. Allbery KF8NH <[EMAIL PROTECTED]> wrote: > > On Mar 5, 2008, at 17:31 , Mark Andrews wrote: > > > >> On Wed, Mar 05, 2008 at 03:00:29PM +0000, Vadim Goncharov wrote: > > >>> * The last I read about IPv6 in mainstream news, there were major > >> concerns cited over some of the security aspects of the protocol. I > >> also remember reading somewhere that IPv6 was supposed to address > >> issues > >> like packet spoofing and DoS -- what became of this? > > > > Someone was feeding you a load of horse @$$!. > > When Marcus Ranum is one of those questioning its security, I'm > inclined to believe him. (Google "mjr ipv6 security" --- his point > in a nutshell is that we're going to be fixing old IPv4 holes in new > guises for a while.)
IPv6 has got enough rope (features) that you can hang yourself in most of the same ways as ipv4. If anything, these 'enhanced' versions of ipv4 features give you new and exquisitely delicious ways of screwing yourself. eg: You can do the same kinds of damage with source routing in both ipv4 and ipv6 when it is enabled. OS developers can make the same mistakes parsing options in both. And so on. (Who remembers the ipv4 'ping of death' in the early 90's? you could send a packet with a zero-length option to random hosts and instantly kill them) -- Peter Wemm - [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] "All of this is for nothing if we don't go to the stars" - JMS/B5 "If Java had true garbage collection, most programs would delete themselves upon execution." -- Robert Sewell _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
