nanog mailing list archives

Re: Consumer Grade - IPV6 Enabled Router Firewalls.

From: Owen DeLong <owen () delong com>
Date: Mon, 14 Dec 2009 00:58:45 -0800

UPnP is a bad idea that (fortunately) doesn't apply to IPv6 anyway.

You don't need UPnP if you'r not doing NAT.


wishful thinking.

you're likely to still have a staeful firewall and in the consumerspace

someone is likely to want to punch holes in it.

Yes, SI will still be needed. However, UPnP is, at it's heart a wayto allow

arbitrary unauthenticated applications the power to amend your security
policy to their will.  Can you possibly explain any way in which such a
thing is at all superior to no firewall at all?

I would argue that a firewall that can be reconfigured by any applet auser

clicks on (whether they know it or not) is actually less useful than no

firewall because it creates the illusion in the users mind that thereis a

firewall protecting them.

Owen

Current thread:

Re: Consumer Grade - IPV6 Enabled Router Firewalls., (continued)
- - - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Simon Perreault (Dec 12)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Joe Greco (Dec 11)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Simon Perreault (Dec 11)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Mikael Abrahamsson (Dec 11)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Mark Newton (Dec 11)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Chris Adams (Dec 11)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Joe Greco (Dec 11)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Joel Jaeggli (Dec 13)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Michael Loftis (Dec 13)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Owen DeLong (Dec 14)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Owen DeLong (Dec 14)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. gordon b slater (Dec 14)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Chris Adams (Dec 14)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Mohacsi Janos (Dec 14)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Joel Jaeggli (Dec 14)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Steven Bellovin (Dec 14)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Joakim Aronius (Dec 15)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Mark Newton (Dec 15)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Joakim Aronius (Dec 16)
    - Re: Consumer Grade - IPV6 Enabled Router Firewalls. Owen DeLong (Dec 15)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Steve Bertrand (Dec 02)

(Thread continues...)