nanog mailing list archives
Re: IPv6, IPSEC and deep packet inspection
From: "Kevin Oberman" <oberman () es net>
Date: Sat, 01 Jan 2005 14:48:21 -0800
From: "Stephen Sprunk" <stephen () sprunk org> Date: Fri, 31 Dec 2004 22:42:17 -0600 Sender: owner-nanog () merit edu Thus spake <bmanning () vacation karoshi com>as one who has been "bit" by this already - i can say amen to what Rob preacheth... the hardest part is getting folks up to speed on IPv6 as a threat vector.Are there any layman-readable presentations or whitepapers out there that discuss what _new_ threat vectors IPv6 brings? Or how firewall or ACL tuning might be different?Swat teams that can neutralize an IPv4 based flareup in minutes/ hours can take days/weeks to contain a v6 channel...The thing about that is that, if IPv6 is identified as the channel, it's still quite possible to shut down IPv6 connectivity until you figure out how to fix things. After all, there's nothing significant out there yet on v6 that can't be reached with v4...
Stephen, This may the case in your world, but in mine there are a few major international research projects that are IPv6 only and I am not in a position where I can just shut down IPv6 at some spot and assume that customers won't notice (or at least won't care). -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman () es net Phone: +1 510 486-8634
Current thread:
- Re: IPv6, IPSEC and deep packet inspection Christopher L. Morrow (Dec 31)
- <Possible follow-ups>
- Re: IPv6, IPSEC and deep packet inspection Stephen Sprunk (Dec 31)
- Re: IPv6, IPSEC and deep packet inspection Joe Abley (Jan 01)
- Re: IPv6, IPSEC and deep packet inspection Sean Donelan (Jan 01)
- Re: IPv6, IPSEC and deep packet inspection bmanning (Jan 01)
- Re: IPv6, IPSEC and deep packet inspection Joe Abley (Jan 01)
- Re: IPv6, IPSEC and deep packet inspection Hank Nussbacher (Jan 01)
- Re: IPv6, IPSEC and deep packet inspection Nicolas FISCHBACH (Jan 01)
- Re: IPv6, IPSEC and deep packet inspection Kevin Oberman (Jan 01)
- Re: IPv6, IPSEC and deep packet inspection Manish Karir (Jan 01)
- Re: IPv6, IPSEC and deep packet inspection Nils Ketelsen (Jan 04)