On Mon, 2010-08-09 at 18:06 +0100, Paul Mansfield wrote:
>> if your provider provides ipv6 as well as ipv4 and devices on your lan >> are also ipv6, then you're more likely to have a major security >> breach?? people won't be using NAT in an ipv6 network, so they'll have real IPs which will contain their MAC addresses, making it much more likely that the internet at large will be able to connect to them. The MAC address is only 48 bits out of 128, leaving 80 bits of assigned address in comparison to IPv4's 64 assigned bits. How is stumbling across a (nominally) random 80-bit address easier than stumbling across a (nominally) random 64-bit address? Obviously neither case is truly random, and I would argue that at this stage, IPv4 address allocation is more predictable than IPv6 address allocation. Finding either is bound to be easier than finding a truly random number, as there are many real-world constraints, but I believe there are more constraints on the 64-bit number than the 80-bit number, which would skew the model towards being even easier to find the IPv4 address... -Adam Thompson Chief Architect, C3A Inc. [email protected]<mailto:[email protected]> Tel: (204) 272-9628 x8004 / Fax: (204) 272-8291
<<attachment: winmail.dat>>
--------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
