Re: selecting old machines for firewall/router use

To: Andrew McGlashan <andrew.mcglashan@affinityvision.com.au>
Cc: debian-user@lists.debian.org
Subject: Re: selecting old machines for firewall/router use
From: Sven Hoexter <sven@timegate.de>
Date: Wed, 23 Feb 2011 14:09:36 +0100
Message-id: <[🔎] 20110223130936.GC2058@marvin>
Mail-followup-to: Andrew McGlashan <andrew.mcglashan@affinityvision.com.au>, debian-user@lists.debian.org
In-reply-to: <[🔎] 4D6500BD.7000700@affinityvision.com.au>
References: <[🔎] 4D617362.2020801@att.net> <[🔎] 4D61E478.4080504@hardwarefreak.com> <[🔎] 4D62DE67.4050804@plouf.fr.eu.org> <[🔎] 4D62F904.3040603@hardwarefreak.com> <[🔎] AANLkTi=mu8pBEiPOP=t9wMs7998fchyNCt5qOXvxPyjw@mail.gmail.com> <[🔎] 20110222004104.GC19828@n0nb.us> <[🔎] AANLkTi=dS4r87g58Kg6o4M_uxK6eX49SKgxgxvGhi4ce@mail.gmail.com> <[🔎] 4D6500BD.7000700@affinityvision.com.au>

On Wed, Feb 23, 2011 at 11:42:37PM +1100, Andrew McGlashan wrote:

> Well .... NAT does have it's advantages, one being that it can act
> as a reasonably good barrier as a NATural firewall.  Sure, it's not
> perfect, but if you have every device with IPv6 (or v4 for that
> matter) being addressable from any location, then personal firewalls
> will become much more important.

Fix the border gateway. It's a strange myth that suddenly with IPv6
all the security falls down. I'd recommend [1] for a good overview of
the NAT and security implications, and for this case here section 4.2.

Since most of these routers used at home need at least a firmware update
there's the chance to roll out some stateful firewall for IPv6 as a default.
I see some oportunity here to get back to kind of a 'real' internet.

On the other hand a lot of these devices seem to be Linux based nowdays,
Linux 2.4.x that is, so I guess only the diverse hardware it's running on
holds back mass exploitation. :-/

Sven

[1] http://tools.ietf.org/html/draft-ietf-v6ops-nap-06
-- 
And I don't know much, but I do know this:
With a golden heart comes a rebel fist.
     [ Streetlight Manifesto - Here's To Life ]

Reply to:

References:
- selecting old machines for firewall/router use
  - From: "Elmer E. Dow" <elmeredow@att.net>
- Re: selecting old machines for firewall/router use
  - From: Stan Hoeppner <stan@hardwarefreak.com>
- Re: selecting old machines for firewall/router use
  - From: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
- Re: selecting old machines for firewall/router use
  - From: Stan Hoeppner <stan@hardwarefreak.com>
- Re: selecting old machines for firewall/router use
  - From: shawn wilson <ag4ve.us@gmail.com>
- Re: selecting old machines for firewall/router use
  - From: Nate Bargmann <n0nb@n0nb.us>
- Re: selecting old machines for firewall/router use
  - From: Paul Fraser <pfraser@xl12.net>
- Re: selecting old machines for firewall/router use
  - From: Andrew McGlashan <andrew.mcglashan@affinityvision.com.au>

Prev by Date: Re: Software RAID on external USB disk: boot problems after upgrade to squeeze
Next by Date: Re: Software RAID on external USB disk: boot problems after upgrade to squeeze
Previous by thread: Re: selecting old machines for firewall/router use
Next by thread: Re: selecting old machines for firewall/router use
Index(es):
- Date
- Thread