nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Is NAT can provide some kind of protection?

From: Leen Besselink <leen () consolejunkie net>
Date: Sun, 16 Jan 2011 15:46:17 +0100
On 01/15/2011 11:06 PM, Stephen Davis wrote:

I'm a full supported for getting rid of NAT when deploying IPv6, but
have to say the alternative is not all that great either.

Because what do people want, they want privacy, so they use the
IPv6 privacy extensions. Which are enabled by default on Windows
when IPv6 is used on XP, Vista and 7.

And now you have no idea who had that IPv6-address at some point
in time. The solution to that problem is ? I guess the only solution is to
have the IPv6 equivalant of arpwatch to log the MAC-addresses/IPv6-
address combinations ?

Or is their an other solution I'm missing.

You can solve this problem any of the ways you could solve it in IPv4.
Either assign static addresses from DHCPv6, or assign static addresses
by hand.

If you like privacy, you don't need to even have static from DHCPv6,
you could have a new address every day (if you turn off your machine
daily).

Everything else can just query DNS for the address.
Previous By Date Next
Previous By Thread Next

Current thread: