
Re: IPv6 and DNS



On Wednesday 13 July 2011 at 20:48 +1000, Andrew McGlashan wrote:
> Hi,
[...]
> Many using 3G USB modems are opening themselves up to abuse if (by 
> default) having their machines directly connected to the Internet.  Any 
> machine that is directly accessible via the Internet _must_ have 
> suitable security, i.e. a restrictive firewall at least.  I can just 
> imagine all the Windows laptops (well, not just Windows, but hey), 
> becoming owned just because they are using a 3G USB modem directly on 
> their machine without a firewall -- this will be amplified for those on 
> ANY network that has open slather via IPv6 addressing.
NAT-like "security" may be enabled with 2 rules on the router/firewall
ISPs send to their customers.

ip6tables -A INPUT -i wan -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -A INPUT -i wan -j DROP

Actually you need to accept some ICMPv6 packets, so we need another
rule ;)

If ISPs sent their modem/box/router/whatever properly configured
(default configuration disallowing incoming connections), there are no
more security issues than with the IPv4/NAT setup.

-- 
Bastien Durel
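
Added example, not part of the original message: a shell function that prints an ip6tables-restore ruleset combining the two stateful rules above with the ICMPv6 accepts the message says are still needed. It goes beyond the message by also filtering the FORWARD chain, which is the chain that traffic routed to LAN hosts traverses; the ICMPv6 type selection follows RFC 4890 and, like the function name emit_rules, is this example's assumption.

```shell
#!/bin/sh
# Added example: prints an ip6tables-restore ruleset; it changes nothing itself.
# "wan" is the interface name used in the message; pass another as $1.

# ICMPv6 a stateful filter should still let in (RFC 4890):
# types 1-4 are error messages (type 2, packet-too-big, drives path MTU
# discovery); 128/129 are echo request/reply.
ICMP6_ERRORS="1 2 3 4"
ICMP6_ECHO="128 129"
# Neighbor discovery (133-136) is link-local only: accept it on INPUT,
# never forward it, and require hop limit 255 so it cannot originate off-link.
ICMP6_ND="133 134 135 136"

emit_rules() {
    wan="${1:-wan}"
    echo "*filter"
    echo ":INPUT ACCEPT [0:0]"
    echo ":FORWARD ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    for chain in INPUT FORWARD; do
        # Replies to connections opened from the inside (the NAT-like behaviour).
        echo "-A $chain -i $wan -m state --state ESTABLISHED,RELATED -j ACCEPT"
        for t in $ICMP6_ERRORS $ICMP6_ECHO; do
            echo "-A $chain -i $wan -p ipv6-icmp --icmpv6-type $t -j ACCEPT"
        done
    done
    for t in $ICMP6_ND; do
        echo "-A INPUT -i $wan -p ipv6-icmp --icmpv6-type $t -m hl --hl-eq 255 -j ACCEPT"
    done
    # Default-deny for everything else arriving from the WAN side.
    echo "-A INPUT -i $wan -j DROP"
    echo "-A FORWARD -i $wan -j DROP"
    echo "COMMIT"
}

# Review with:               emit_rules wan
# Syntax-check (as root):    emit_rules wan | ip6tables-restore --test
```
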

