[GTALUG] Linux hardening question

James Knott james.knott at rogers.com
Thu Jun 29 17:05:38 EDT 2017


On 06/29/2017 04:06 PM, Ansar Mohammed wrote:
> Not really. We have a 12% adoption of IPv6 in Canada. 

And growing.  Rogers started offering IPv6 a bit over a year ago.  It's
now available to every cable and cell customer (some cable customers may
need a new modem).  Telus has also had it for a while, along with
Teksavvy over ADSL.  There are other Canadian companies that are
offering it, though Bell seems to be stuck.  There are simply not enough
IPv4 addresses to go around and there hasn't been for quite some time. 
Some carriers are providing IPv4 only via carrier grade NAT, which means
you can pretty well forget about accessing your own network.  Also, IPv6
brings with it some security features.  For example, IPSec was
originally designed for IPv6 and then added to IPv4.  IPv6 can also use
something called "privacy addresses", where a random number is used to
form part of your address.  These addresses change frequently, so it
would be difficult to attack them.  There are other security benefits to
IPv6 that are not available in IPv4.

Like it or not, IPv6 is coming.  Better get used to it.

I've been running IPv6 for over 7 years and have been using that time to
learn about it.  As for address space, the smallest amount an ISP is
supposed to provide is a /64 prefix.  That leaves the customer with 2^64
addresses.  I have a /56 prefix from Rogers, which gives me 2^72
addresses or 256 /64s.

Now, given that other than the address space, IPv6 is pretty much the
same as IPv4, what are you afraid of?



More information about the talk mailing list