On Mar 23, 2014 4:45 PM, <bmanning@vacation.karoshi.com> wrote:
Yo, Tim/Scott. Seems you have not been keeping up.
http://go6.si/wp-content/uploads/2011/11/DREN-6-Slo-IPv6Summit-2011.pdf
points out several unique problems w/ IPv6 and in deployments
where
there are ZERO IPv4 equivalents. Ferg is paranoid, but it doesn;t mean they are not out to get him/IPv6.
Seriously? That's the best you can come up? A three year old presentation? The RA and ND vulnerabilities are just the IPv6 versions of ARP floods and similar attacks. They are well-understood and long mitigated. On the other hand, if you have an IPv4 only network with lots of IPv6 capable devices on it and someone compromises a host to start sending out RAs, what exactly is your defense posture? My comments represent reality. Your security posture is much worse in an IPv4 only configuration than if you enable and control IPv6. Scott