William Herrin wrote:
If your machine is addressed with a globally routable IP, a trivial failure of your security apparatus leaves your machine addressable from any other host in the entire world which wishes to send it
Isn't that the case with IPv6? That the IP is addressable from any host in the entire (IPv6) world? And isn't that considered a good thing? I don't think that being addressable from anywhere is a security hole in and of itself. It's how you implement and (mis)configure your firewall and related things that is the (potential) security hole. Whether the IP is world addressable or not
with all your stuff. Yet when you forget to throw the deadbolt, it does stop an intruder from simply turning the knob and wandering in.
Personally I prefer car analogies when it comes to explaining (complex) computer matters. ;-) Greetings, Jeroen -- Earthquake Magnitude: 5.2 Date: Monday, November 14, 2011 22:08:15 UTC Location: eastern Turkey Latitude: 38.6644; Longitude: 43.0993 Depth: 10.00 km