This is a non sequitur.
In what way is the blocking of incoming unsolicited connections not a "proper
security measure"?
What gives you (or anyone else) the right to "disable" security measures which
you (or anyone else) consider "too strict"?
How do you arrive at the conclusion that
Living in an area where we have a dense pocket without broadband available is a
key problem. The two incumbents fail to service the area despite one having
fiber 1200' away at the entry to our street.
One area incumbent can do native v6, the other does 6rd but they don't serve
the area so
Security that is too strict will be disabled and be far less effective than
proper security measures. Security zealots are often blind to that.
-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest Internet Exchange
http://www.midwest-ix.com
-
On Sat, Jul 02, 2016 at 10:49:40AM -0600, William Astle wrote:
> it usually boils down to "we don't want to put any effort or resources into
> updating anything".
>
And they must be right as their clients won't go away... :p
There's one other major issue faced by stub networks which I have
encountered at $DAYJOB:
- My upstream(s) refuse(s) to support IPv6
This *is* a deal breaker. The pat response of "get new upstreams" is not
helpful and shows the distinct bias among this community to the large
players who
Yes, the default is "on". An exception is added for EVERY SINGLE PIECE of
Microsoft Crapware, whether it is needed or not (and in every single case, it
is not). And if you turn those exceptions "off", then they are turned back on
by Microsoft and their NSA partners for you, without your
Windows 8 and 10 with the most recent service packs default the firewall to
on with very few inbound exemptions.
On Jul 2, 2016 11:38 AM, "Keith Medcalf" wrote:
>
> > There is no difference between IPv4 and IPv6 when it comes to
> > firewalls and reachability. It is worth
> There is no difference between IPv4 and IPv6 when it comes to
> firewalls and reachability. It is worth noting that hosts which
> support IPv6 are typically a lot more secure than older IPv4-only
> hosts. As an example every version of Windows that ships with IPv6
> support also ships with the
Issues I've faced in the past with v6 deployments, from the point of view
of stub networks. Feel free to pick/choose as you wish:
- Badly understood (By the team) methods to assign addressing to servers.
- Poor tooling in regards to log processing/external providers.
- Unknown cost in dev time to
Thanks guys, this is what I have come up with so far. Next week i'll
put together a web page or something with slightly better write-ups,
but these are my initial ideas for responses to each point. Better
answers would be welcome.
"We have NAT, therefore we don't need IPv6."
"We still have plenty
Actually they are not that great. Look at the DDoS mess that UPnP has created
and problems for IoT (I call it Internet of trash, as most devices are poorly
implemented without safety in mind) folks on all sides.
The fact that I go to a hotel and that AT mobility have limited internet
reach is
11 matches
Mail list logo