Re: selecting old machines for firewall/router use
On Wed, Feb 23, 2011 at 11:42:37PM +1100, Andrew McGlashan wrote:
> Well .... NAT does have it's advantages, one being that it can act
> as a reasonably good barrier as a NATural firewall. Sure, it's not
> perfect, but if you have every device with IPv6 (or v4 for that
> matter) being addressable from any location, then personal firewalls
> will become much more important.
Fix the border gateway. It's a strange myth that suddenly with IPv6
all the security falls down. I'd recommend [1] for a good overview of
the NAT and security implications, and for this case here section 4.2.
Since most of these routers used at home need at least a firmware update
there's the chance to roll out some stateful firewall for IPv6 as a default.
I see some oportunity here to get back to kind of a 'real' internet.
On the other hand a lot of these devices seem to be Linux based nowdays,
Linux 2.4.x that is, so I guess only the diverse hardware it's running on
holds back mass exploitation. :-/
Sven
[1] http://tools.ietf.org/html/draft-ietf-v6ops-nap-06
--
And I don't know much, but I do know this:
With a golden heart comes a rebel fist.
[ Streetlight Manifesto - Here's To Life ]
Reply to: