On Jan 10, 2011, at 8:22 PM, Jack Bates wrote: > On 1/10/2011 6:33 PM, valdis.kletni...@vt.edu wrote: >> I'd say on the whole, it's a net gain - the added ease of tracking down >> the click-here-to-infect machines that are no longer behind a NAT >> outweighs the little added security the NAT adds (above and beyond >> the statefulness that both NAT and a good firewall both add). >> > > Really? Which machine was using the privacy extension address on the /64? I > don't see how it's made it any easier to track. In some ways, on provider > edges that don't support DHCPv6 IA_TA and relay on slaac, it's one extra > nightmare. > > > Jack
At least I can tell which segment the pwn3d machine is on. As it currently stands, I'm lucky if I can tell which state the pwn3d machine inside $ENTERPRISE is located in. Sometimes, you can't even tell which country. Owen
