Re: Security over IPv6 networks

To: debian-ipv6@lists.debian.org
Subject: Re: Security over IPv6 networks
From: Tim Spriggs <tims@fugazi.engr.arizona.edu>
Date: Thu, 13 Mar 2003 17:22:03 -0700 (MST)
Message-id: <Pine.GSO.4.44.0303131707240.10720-100000@fugazi.engr.arizona.edu>
In-reply-to: <838475F8-55AA-11D7-95A8-00039317863E@suespammers.org>

Ya know... a misconfigured firewall can be just as insecure as having all
machines on a global network.

The only reason people do it is to a) Do as M$ does and just make the
inner-workings of a system a little less known and b) conceptually it
makes a difference. When you can put a cloud around something it makes
people happy. :)

Unless I am mistaken, you can make these same pretty little clouds around
your networks and be just as secure as you were before. There is also the
idea that IPv6 is NOT widely known, therefore there will be a smaller mass
of people to target your network.

On the argument of so many different devices being used that they
generally won't all be susceptible to a single hack, we tend to make
standards for devices to talk with each other, once people realize that
their cell phone can talk to their garage door opener and their automatic
fish-feeders, there will be some common form of communication between
these devices. Who is to say that these protocols will not be susceptable
to a single attack? What if there is some great huge hole along the way?

Then it will be fixed/patched or left open.

I think it's silly to start worrying MORE about this as a potential
security problem... If a security issue exists from the mere changing of
IP-addresses, then I contend that a security issue existed all along.

Lets poke at the source, not the symptom.

however, there is time before you MUST implement IPv6 as a standard...
IPv6 has a long way to being THE standard as there are so many people that
don't even have a clue as to what it is/does. It's also not supported on
anything but Unices and some outdated version of win2k as well as XP with
the "developmental" patches on top. As much as I would like to say that
windows is not a factor, I simply can't... yet :)

-Tim

 ____.-=|  Tim  Spriggs  |=-.____
(||)      Systems Admin.      (||)
|)(|  College of Engineering  |)(|
(||) ECE206A - (520) 621 3185 (||)
|)(_.-=##^^##=-.__.-=##^^##=-._)(|
/                                \
         ^^^    ||    ^^^
                ||
               (..)
    \
     \________

... Defacing is a crime anywhere else.

On Thu, 13 Mar 2003, Anthony DeRobertis wrote:

>
> ln(2^128) / ln(10) =~ 30.53. So there are 10^30.5 IPv6 addresses. If
> all of the six billion people on the earth decided to get six billion
> cell phones each, then that'd only be about 10^19 addresses used. Very,
> very, sparse --- better chance of winning the jackpot at the lotto than
> getting a single ping back from a random address.
>
> That's no where near enough addresses! Let's use more. Let's assume
> that each of the 2^11 stars in the Milky Way is much like our own. They
> all have one planet, with six billion sentient beings on it, each with
> their own six billion cell phones. That bings us to 10^30 addresses
> used.
>
> Now we've finally done it. By giving an address to every sentient being
> in the Galaxy, and to each of their six billion cell phones each, we've
> managed to get a dense IPv6 address space. Assuming I got the math
> right, of course ;-)

Reply to:

References:
- Re: Security over IPv6 networks
  - From: Anthony DeRobertis <asd@suespammers.org>

Prev by Date: Re: Security over IPv6 networks
Next by Date: Re: Security over IPv6 networks
Previous by thread: Re: Security over IPv6 networks
Next by thread: Re: Security over IPv6 networks
Index(es):
- Date
- Thread