> From: "Stephen Sprunk" <[EMAIL PROTECTED]> > Date: Fri, 31 Dec 2004 22:42:17 -0600 > Sender: [EMAIL PROTECTED] > > > Thus spake <[EMAIL PROTECTED]> > > > > as one who has been "bit" by this already - i can say amen to > > what Rob preacheth... the hardest part is getting folks up to > > speed on IPv6 as a threat vector. > > Are there any layman-readable presentations or whitepapers out there that > discuss what _new_ threat vectors IPv6 brings? Or how firewall or ACL > tuning might be different? > > > Swat teams that can neutralize an IPv4 based flareup in minutes/ > >hours can take days/weeks to contain a v6 channel... > > The thing about that is that, if IPv6 is identified as the channel, it's > still quite possible to shut down IPv6 connectivity until you figure out how > to fix things. After all, there's nothing significant out there yet on v6 > that can't be reached with v4...
Stephen, This may the case in your world, but in mine there are a few major international research projects that are IPv6 only and I am not in a position where I can just shut down IPv6 at some spot and assume that customers won't notice (or at least won't care). -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: [EMAIL PROTECTED] Phone: +1 510 486-8634
