On Mon, 19 Feb 2024 09:16:00 -0800 William Herrin <bill@herrin.us> wrote:
I disagree with that one. Limiting discussion to the original security context (rather than the wider world of how useful IPv6 is without IPv4), IPv6 is typically delivered to "most people" without border security, while IPv4 is delivered with a stateful NAT firewall.
How is v6 being delivered without a stateful firewall while v4 is secured with one? FWIW, in the decade we have been providing dual-stack by default, I have made a bit of a hobby out of testing every CPE and SOHO router that I get may hands on in my PON lab. I've never once seen a device that has v6 support and didn't have a stateful v6 firewall on by default (if v6 was "on"). By whom and how is this being delivered? --TimH