Yes, I can see your example. Fortunately, one thing I have seen so far
is routers being supplied with all inbound connections stopped.
Furthermore, mine doesn't allow you to totally disable the firewall,
only for specific hosts (which I have done for some key Linux systems),
or for specific ports on specific hosts (which I did on Windows for
testing - I never leave Windows exposed to the net). Now with a router
like mine, your scenario wouldn't work, because the temporary IP
addresses would never be allowed to pass.
So, there are ways to build it into the router design to make it harder
for people to shoot themselves in the foot. :)
Yes, I think there has been some ISP/Manufacturer working group to get this
cleared up and defined. My ISP waited with IPv6 rollout until this was
resolved, and the router they deliver does exactly what you describe above.
When IPv6 was designed, the idea was still that every host should be able
to communicate with every other host. That has proven to be a bad idea
on an open network, so IPv6 had to be crippled to make it viable. But that
at the same time removes one of the major incentives to roll it out, as NAT
can be used as an alternative solution in most situations. Many places
have still not started IPv6 rollout...
Rob