| 1 |
>> Tests done by a colleague show that, right now, the amount of inbound ipv6 |
| 2 |
>> traffic on his systems is none but I can perfectly understand your concerns |
| 3 |
>> even if they should apply only to the network stack itself, as the daemons |
| 4 |
>> listening to v6 should be the same that listen to v4, once configured for dual |
| 5 |
>> stack. |
| 6 |
>> |
| 7 |
>> Anyway, ipv6 has a chance to become relevant by the end of the year as China |
| 8 |
>> and India (among others) won't have quite enough v4 addresses in stock to |
| 9 |
>> support the growth of their networks. |
| 10 |
> This is precisely the point. While on the one hand, it has little |
| 11 |
> current use and does potentially increase attack vectors, on the other |
| 12 |
> hand, ipv4 is depleted and ipv6 is on the horizon. |
| 13 |
> |
| 14 |
> I looked at gentoo bugs for ipv6 and didn't find anything serious. I'm |
| 15 |
> still leaning towards unmasking it. |
| 16 |
> |
| 17 |
|
| 18 |
It's the whole catch 22 that there isn't any traffic because it's not |
| 19 |
deployed and not deployed because there is no one to talk to... |
| 20 |
|
| 21 |
I think we all have to transition to ipv6 quite quickly so the only |
| 22 |
sensible option is to bite the bullet and enable it. I have it enabled |
| 23 |
on all my hardened servers... |
| 24 |
|
| 25 |
I would have thought the sensible rollout strategy for organisations is |
| 26 |
to start gently with internal only deployments to get experience and |
| 27 |
gradually incorporate the rest of the internet as it becomes more |
| 28 |
common. Hopefully in this way most problems will be limited to internal |
| 29 |
only at first... |
| 30 |
|
| 31 |
Cheers |
| 32 |
|
| 33 |
Ed W |
Archives