[ipv6hackers] IPv6 security (slides and training)

Fernando Gont fgont at si6networks.com
Sun Nov 13 05:58:53 CET 2011

On 11/11/2011 10:27 PM, Owen DeLong wrote:
> 1.	Inertia
> 2.	Fear of the unknown (We don't know IPv6. IPv4 NAT is familiar. The
> 	devil we know...)

Yep. And the more people insist in highlighting the differences between
IPv6 and IPv4 (rather than their similarities), doesn't help.

Whenever I give a talk on an IPv6 aspect, I try, to the extent that is
possible, to port v4 stuff the the v6 world, and vice versa.

> 3.	Misunderstandings
> 	a.	"There is no multihoming solution in IPv6"

Are you referring to SHIM6?

> 4.	They went to someone's IPv6 security lecture and came away with
> 	the sound bite "Don't deploy IPv6 on any production network unless
> 	you absolutely have to."

I don't think one needs to get to any sort of talk to know that you
don't play with production networks. i.e., you deploy stuff because you
really need it. -- whether that means that you're going to get more
money from customers, whether that it improves the security of your
network, etc.

So the argument is not bad "per se". The point here would be that "if
you need IP addresses, you really need IPv6, and hence you really need
to deploy it".

Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

More information about the Ipv6hackers mailing list