RE: IPv6 deployment excuses

This is a non sequitur. In what way is the blocking of incoming unsolicited connections not a "proper security measure"? What gives you (or anyone else) the right to "disable" security measures which you (or anyone else) consider "too strict"? How do you arrive at the conclusion that

Re: IPv6 deployment excuses

Living in an area where we have a dense pocket without broadband available is a key problem. The two incumbents fail to service the area despite one having fiber 1200' away at the entry to our street. One area incumbent can do native v6, the other does 6rd but they don't serve the area so

Re: IPv6 deployment excuses

Security that is too strict will be disabled and be far less effective than proper security measures. Security zealots are often blind to that. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest Internet Exchange http://www.midwest-ix.com -

Re: IPv6 deployment excuses

On Sat, Jul 02, 2016 at 10:49:40AM -0600, William Astle wrote: > it usually boils down to "we don't want to put any effort or resources into > updating anything". > And they must be right as their clients won't go away... :p

Re: IPv6 deployment excuses

There's one other major issue faced by stub networks which I have encountered at $DAYJOB: - My upstream(s) refuse(s) to support IPv6 This *is* a deal breaker. The pat response of "get new upstreams" is not helpful and shows the distinct bias among this community to the large players who

RE: IPv6 deployment excuses

Yes, the default is "on". An exception is added for EVERY SINGLE PIECE of Microsoft Crapware, whether it is needed or not (and in every single case, it is not). And if you turn those exceptions "off", then they are turned back on by Microsoft and their NSA partners for you, without your

RE: IPv6 deployment excuses

Windows 8 and 10 with the most recent service packs default the firewall to on with very few inbound exemptions. On Jul 2, 2016 11:38 AM, "Keith Medcalf" wrote: > > > There is no difference between IPv4 and IPv6 when it comes to > > firewalls and reachability. It is worth

RE: IPv6 deployment excuses

> There is no difference between IPv4 and IPv6 when it comes to > firewalls and reachability. It is worth noting that hosts which > support IPv6 are typically a lot more secure than older IPv4-only > hosts. As an example every version of Windows that ships with IPv6 > support also ships with the

Re: IPv6 deployment excuses

Issues I've faced in the past with v6 deployments, from the point of view of stub networks. Feel free to pick/choose as you wish: - Badly understood (By the team) methods to assign addressing to servers. - Poor tooling in regards to log processing/external providers. - Unknown cost in dev time to

Re: IPv6 deployment excuses

Thanks guys, this is what I have come up with so far. Next week i'll put together a web page or something with slightly better write-ups, but these are my initial ideas for responses to each point. Better answers would be welcome. "We have NAT, therefore we don't need IPv6." "We still have plenty

Re: IPv6 deployment excuses

Actually they are not that great. Look at the DDoS mess that UPnP has created and problems for IoT (I call it Internet of trash, as most devices are poorly implemented without safety in mind) folks on all sides. The fact that I go to a hotel and that AT mobility have limited internet reach is