[ipv6hackers] Is there a telecom company which adpated IPv6 network on LTE?

John Mann john.mann at monash.edu
Fri May 31 06:20:06 CEST 2013 

Luis,

On 29 May 2013 16:51, Luis MartinGarcia. <luis.mgarc at gmail.com> wrote:

> In my opinion, the proper way to protect IPv6 clients that use global
> scope addresses is to place stateful firewalls between the Internet and
> them.


But where?

In the home environment, the CPE is the logical place to exercise central
control over all access from the Internet to the home
e.g. IPv4 port-forwarding, and IPv6 permit to particular hosts.

But, in the cellular or WiFi hotspot environment, there isn't a nearby
firewall that you control.
And on WiFi, there isn't a place for a firewall between you and other
people sharing the same hotspot!

My ISP, Internode does have a basic ACL firewall service available for
ADSL, cellular etc
  http://www.internode.on.net/support/security/network_firewall/
It can be on, or off per subscriber.  When on, it provides
---
*Increased protection against spreading network worms, viruses and email
spam:*
- Outgoing email must be sent via mail.internode.on.net or
securemail.internode.on.net<http://www.internode.on.net/support/email/secure/>
.
- Blocks vulnerable Windows network ports (135, 137, 138, 139, 445) inbound
and outbound.

*Increased protection against intrusion attempts to your broadband router
or server:*
- Blocks web, telnet, ssh and proxy ports (80, 443, 22, 23, 8080, 3128)
inbound (to you) only.
---
This isn't a "stateful firewall" that blocks all incoming connections.
However, I think this inbound and outbound ACL filter is quite a useful
service.

In my opinion, mobile devices (cellular and WiFi) need to implement and be
responsible for their own security.

    John


> NAT is not meant to provide security, even though everyone seems
> to believe that.
>
> Just my two cents.
>
> Regards,
>
> Luis MartinGarcia.
>
>
>
> On 05/29/2013 08:27 AM, 김무성 wrote:
> > One of advantage which deploy ipv6 network on telecom is that all
> smart-phone can have a public IPv6 address.
> > But it cause security problem that hacker can attack smart-phone
> directly.
> > If deploy a NAT6/6 or NAT6/4 device for security, availability of ipv6
> is low
> > And have to have ALG (Application Layer Gateway) device for providing
> service. (ex, SIP ALG for VoIP on LTE, etc)
> >
> > Is there a solution that use public IPv6 address on smart-phone and
> strengthen security?
> > _______________________________________________
> > Ipv6hackers mailing list
> > Ipv6hackers at lists.si6networks.com
> > http://lists.si6networks.com/listinfo/ipv6hackers
> >
>
> _______________________________________________
> Ipv6hackers mailing list
> Ipv6hackers at lists.si6networks.com
> http://lists.si6networks.com/listinfo/ipv6hackers
>

More information about the Ipv6hackers mailing list