On Mon, Aug 9, 2010 at 12:07 PM, Paul Mansfield <[email protected]> wrote:
>
> thinking aloud...
>
> if your provider provides ipv6 as well as ipv4 and devices on your lan
> are also ipv6, then you're more likely to have a major security breach??
>

I was thinking of that scenario earlier in the thread but didn't mention it. If you happen to combine your LAN and WAN at L2, your internal hosts have IPv6 enabled (as most new OSes do), and your ISP has IPv6, you can end up with a public IPv6 address either via stateless autoconfiguration or DHCPv6 and be completely open on the IPv6 Internet (assuming no host firewall).

Granted, the chances of getting attacked via v6 on a random address are very, very slim because there are too many IPs to scan the entire IPv6 Internet in a reasonable amount of time (until someone builds a large IPv6-connected botnet). My guess is you could take a machine full of security holes (old Linux distro at defaults, unpatched Windows XP, etc.), leave it wide open to the Internet on IPv6 only, and it probably wouldn't get touched for a year or more, where it'd be owned in hours if not minutes open on IPv4.

A more likely scenario to be opened to the Internet and not realize it, yes possibly. But highly unlikely to be attacked, at random at least, in such a scenario.
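
A host-side check for the situation described in the message above, as an added example that is not part of the original thread: it reads the output of `ip -6 addr show` and reports every address in global unicast space, along with whether it was picked up automatically. It assumes a Linux host with iproute2; the function name `public_ipv6` is hypothetical and the sample output is constructed, using the 2001:db8::/32 documentation prefix.

```python
import ipaddress
import re

GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")  # publicly routable IPv6 space
IFACE_RE = re.compile(r"^\d+:\s+([^:@\s]+)")
ADDR_RE = re.compile(r"^\s+inet6\s+(\S+)/\d+\s+scope\s+\S+(.*)$")

# Constructed sample of `ip -6 addr show` output (not captured from a real host).
SAMPLE = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:db8:1:2:21a:2bff:fe3c:4d5e/64 scope global dynamic mngtmpaddr
       valid_lft 86395sec preferred_lft 14395sec
    inet6 fe80::21a:2bff:fe3c:4d5e/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fd12:3456:789a:1::10/64 scope global
       valid_lft forever preferred_lft forever
"""


def public_ipv6(ip_output):
    """Return (iface, address, origin) for each address in global unicast space."""
    findings, iface = [], None
    for line in ip_output.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = ADDR_RE.match(line)
        if not m:
            continue
        addr = ipaddress.IPv6Address(m.group(1))
        if addr not in GLOBAL_UNICAST:
            continue  # link-local (fe80::/10) and ULA (fc00::/7) are not Internet-routable
        flags = m.group(2).split()
        # iproute2 prints "dynamic" for non-permanent addresses (learned via RA or DHCPv6)
        origin = "auto" if "dynamic" in flags else "static"
        # ff:fe in the middle of the interface ID marks a MAC-derived (EUI-64) address
        if addr.packed[11:13] == b"\xff\xfe":
            origin += "+eui64"
        findings.append((iface, str(addr), origin))
    return findings


if __name__ == "__main__":
    for iface, addr, origin in public_ipv6(SAMPLE):
        print(f"{iface}: {addr} ({origin}) is publicly routable; check the host firewall")
```

An `auto` result on a LAN host that was never meant to have IPv6 connectivity is the case described above; hosts using privacy or stable-random interface IDs will show `auto` without the `+eui64` marker.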
