[ipv6hackers] Windows 7/2008 R2 Improved Resilliency to IPv6 Floods

[Sander Steffann]

Hi,

> this, of course, could open the whole box of "appropriate ways to discuss (perceived|real|relevant) vulnerability information". not sure if we should do this here ;-)
> That said, the media have their own agenda, regardless of our efforts here or elsewhere.

Oh, if the clueless *want* to be scared of stuff there is no stopping them unfortunately :-)

> Let's hope IPv6 can fly under their radar for some time (it has already been on it, at some point) so we can work on making the IPv6 world a more secure place...

I don't agree. I have IPv6 in production in many places, and no security problems that I didn't also have in IPv4. IPv6 needs to be on the radar *now*. Clueful people should involved in the deployment to make sure the risk/benefit balance is acceptable.

Clueless people ignoring IPv6 because they are scared beyond reason is bad, and clueless people just deploying IPv6 without any concern for security is also bad (because at some point something *will* go wrong, which will increase the 'clueless-and-scared' group). As everything about security: it's all about finding a good balance. IPv4 isn't perfect, and neither will IPv6. Knowing the risks and possible attack vectors is important (which makes this list important) but people need clue to make decisions based on that information.

But we need IPv6 deployment *now*, at least on publicly visible services and access lines (well, we needed that years ago, but that ship has sailed), but only if deployed in a professional way. Staying under the radar is not an option anymore.

Cheers,
Sander