Mike Jones mike at mikejones.in
Wed May 29 13:26:22 CEST 2013

On 29 May 2013 07:27, 김무성 <disaster at sk.com> wrote:

> One advantage of deploying an IPv6 network in telecom is that all
> smart-phones can have a public IPv6 address.
> But it causes a security problem: hackers can attack smart-phones directly.
> If we deploy a NAT6/6 or NAT6/4 device for security, the availability of
> IPv6 is low,
> and we have to have an ALG (Application Layer Gateway) device to provide
> services (e.g., SIP ALG for VoIP on LTE).
> Is there a solution that uses public IPv6 addresses on smart-phones and
> strengthens security?

I would suggest a stateful firewall on the network if you're thinking
bandwidth consumption type attacks. Anything else really needs to be dealt
with on the device, which is the only place that knows what is legitimate
traffic and what isn't.

People who deploy NAT 'for security' normally make the assumption that the
NAT is providing a stateful firewall they actually wanted, but it probably
isn't. A firewall is there to block traffic, a NAT tries to get as many
packets as possible to their destination.

- Mike

Pedantic note: I'm assuming NAT refers to NAPT rather than actual NAT, as
that's what most people use the term to mean. It's one of the few terms I
do use incorrectly because it's easier than having to keep telling people
what a NAPT is. Just to be clear, a NAPT does not provide a stateful
firewall, and will normally guess at where to send something rather than
drop a packet it might be able to deliver.
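
An illustration of the stateful-firewall suggestion above, as an added example that is not part of the original message: an nftables ruleset for a router sitting between the Internet and the handset network. It leaves the handsets' public IPv6 addresses untranslated and drops only flows they did not start. The interface names `wan0` and `ran0` and the prefix `2001:db8:100::/48` (documentation range) are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example, not from the original message.
# Assumptions: "wan0" faces the Internet, "ran0" faces the handsets,
# and 2001:db8:100::/48 is the handset prefix (documentation range).

table ip6 handset_fw {
    chain forward {
        # Default-deny: anything not explicitly allowed below is dropped.
        type filter hook forward priority 0; policy drop;

        # Replies to flows the handsets opened. ICMPv6 errors that belong
        # to such a flow (e.g. packet-too-big) arrive as "related".
        # This is connection tracking only; no address is rewritten.
        ct state established,related accept

        # Packets conntrack cannot associate with any valid flow.
        ct state invalid drop

        # Handsets may start new flows outbound, but only from their own
        # prefix, which also blocks spoofed source addresses.
        iifname "ran0" oifname "wan0" ip6 saddr 2001:db8:100::/48 ct state new accept

        # Unsolicited inbound toward the handsets: count, then drop.
        iifname "wan0" oifname "ran0" ct state new counter drop
    }
}
```

The counter on the last rule gives a running measure of how much unsolicited traffic is aimed at the handset prefix, visible with `nft list table ip6 handset_fw`.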

