Date: Wed, 5 Mar 2008 15:26:32 -0800
From: "Peter Wemm"
To: "Brandon S. Allbery KF8NH"
Cc: Vadim Goncharov, Jeremy Chadwick, Mark Andrews, FreeBSD Stable
Subject: Re: INET6 -- and why I don't use it

On Wed, Mar 5, 2008 at 2:44 PM, Brandon S. Allbery KF8NH wrote:
>
> On Mar 5, 2008, at 17:31 , Mark Andrews wrote:
>
> >> On Wed, Mar 05, 2008 at 03:00:29PM +0000, Vadim Goncharov wrote:
> >>> * The last I read about IPv6 in mainstream news, there were major
> >> concerns cited over some of the security aspects of the protocol. I
> >> also remember reading somewhere that IPv6 was supposed to address
> >> issues like packet spoofing and DoS -- what became of this?
> >
> > Someone was feeding you a load of horse @$$!.
>
> When Marcus Ranum is one of those questioning its security, I'm
> inclined to believe him. (Google "mjr ipv6 security" --- his point
> in a nutshell is that we're going to be fixing old IPv4 holes in new
> guises for a while.)

IPv6 has got enough rope (features) that you can hang yourself in most
of the same ways as ipv4. If anything, these 'enhanced' versions of
ipv4 features give you new and exquisitely delicious ways of screwing
yourself.

eg: You can do the same kinds of damage with source routing in both
ipv4 and ipv6 when it is enabled. OS developers can make the same
mistakes parsing options in both. And so on. (Who remembers the ipv4
'ping of death' in the early 90's? You could send a packet with a
zero-length option to random hosts and instantly kill them)

-- 
Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com
"All of this is for nothing if we don't go to the stars" - JMS/B5
"If Java had true garbage collection, most programs would delete
themselves upon execution." -- Robert Sewell
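
The option-parsing mistake mentioned in the message above, seen from the defender's side, as an added example that is not part of the original post or of FreeBSD's code: bounds-checked walkers for IPv4 header options and IPv6 hop-by-hop/destination options. The function names, return codes and sample bytes are constructed for this illustration, and each buffer is assumed to hold only the options area.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical return codes for this example. */
enum { OPTS_TRUNCATED = -1, OPTS_BAD_LENGTH = -2 };

/* IPv4 options (RFC 791): types 0 (EOL) and 1 (NOP) are one byte; every other
 * option is type, length, data, and length counts its own two header bytes.
 * Returns the number of multi-byte options walked, or a negative error. */
int walk_ipv4_options(const uint8_t *opt, size_t len)
{
    size_t i = 0;
    int count = 0;
    while (i < len) {
        if (opt[i] == 0) break;                  /* End of Option List */
        if (opt[i] == 1) { i++; continue; }      /* No-Operation */
        if (len - i < 2) return OPTS_TRUNCATED;  /* no room for length byte */
        size_t olen = opt[i + 1];
        if (olen < 2) return OPTS_BAD_LENGTH;    /* 0 would never advance i */
        if (olen > len - i) return OPTS_TRUNCATED;
        i += olen;
        count++;
    }
    return count;
}

/* IPv6 options (RFC 8200): Pad1 (type 0) is one byte; every other option is
 * type, data length, data, and the length EXCLUDES the two header bytes, so
 * zero is legal here and the walker must add the 2 itself. */
int walk_ipv6_options(const uint8_t *opt, size_t len)
{
    size_t i = 0;
    int count = 0;
    while (i < len) {
        if (opt[i] == 0) { i++; continue; }      /* Pad1 */
        if (len - i < 2) return OPTS_TRUNCATED;
        size_t olen = opt[i + 1];
        if (olen > len - i - 2) return OPTS_TRUNCATED;
        i += 2 + olen;
        count++;
    }
    return count;
}

int main(void)
{
    const uint8_t zero_len[] = { 0x07, 0x00, 0x00, 0x00 };  /* constructed */
    printf("zero-length IPv4 option -> %d\n",
           walk_ipv4_options(zero_len, sizeof zero_len));
    return 0;
}
```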