On Sep 28, 2011 11:26 PM, "Joel jaeggli" <joe...@bogus.com> wrote: > > On 9/28/11 19:09 , Christopher Morrow wrote: > > On Wed, Sep 28, 2011 at 8:51 PM, Dan Wing <dw...@cisco.com> wrote: > >> It's too bad computer science is not a science, or we would actually > >> look at the past, and this mistakes that were made, to build tomorrow's > >> systems. ALGs were a mistake. > > > > I like algs for some things but agree with dan here... and the larger > > point is really: "Plan for your thingy to live on the open internetz, > > else you will fail/pay later." > > the traditional assumption that one can build scada systems with soft > gooey centers and everything would be a-ok due to algs proxies and > airwalls was always a bit shaky, it's only mater of time before that > bites us in a visceral fashion. >
100% agree. I don't think that is fundamentally inconsistent with using 'private' address space to easily identify internal-only hosts or interfaces. One place I find ULA especially useful is my pref64 in the nat64 / dns64 deployment. I only want internal host with my ula reachability to have this gateway feature. Yes, other measure are in place, but this is one that is easy on the eyes for both network and host troubleshooting, small in the config, and likely cosistent with my peers filtering rules. Cb > this little gem has been making the rounds, and while I find it a bit > silly it's worth a second glance. > > https://www.infosecisland.com/blogview/16696-FACT-CHECK-SCADA-Systems-Are-Online-Now.html > > > -------------------------------------------------------------------- > > IETF IPv6 working group mailing list > > ipv6@ietf.org > > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > > -------------------------------------------------------------------- > > > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > --------------------------------------------------------------------
-------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
