Petri Helenius wrote:
Crist Clark wrote:
And the counter point to that argument is that the sparse population of IPv6 space will make systematic scanning by worms an ineffective means of propagation.
And by connecting to one of the p2p overlay networks you'll have a few million in-use addresses momentarily.
Preventing abuse of information available from databases maintained by P2P services is an emerging and interesting area of info sec. It may become more so as other means of harvesting "live" addresses become less productive. In The Future, the addresses of live hosts to attack may become an underworld commodity like valid email addresses are now.

All of those are better than having Blaster or Slammer propagate so easily. At least make the malware authors work for it.

If you were behind NAT, you couldn't use those P2P applications. So, yeah, you were safe on your limited-functionality, pseudo-IP, NATed connection from the Big Bad P2P.

And if you still want "the protection of NAT," any stateful firewall will do it.

IMHO, if there is any reason NAT will live on in IPv6 it is the PI space issue. Even the NAP draft comes out and says,

    4.7 Multihoming and renumbering

    Multihoming and renumbering remain technically challenging with IPv6...

That plus the problems with the unique local proposals make it quite likely that NAT will not completely disappear should IPv6 become widespread.

--
Crist J. Clark
crist.clark@globalstar.com
Globalstar Communications
(408) 933-4387