Home page logo
/

nanog logo nanog mailing list archives

Re: IPv6 end user addressing
From: Greg Ihnen <os10rules () gmail com>
Date: Thu, 11 Aug 2011 17:49:03 -0430


On Aug 11, 2011, at 5:05 PM, Owen DeLong wrote:


I respectfully disagree. If appliance manufacturers jump on the bandwagon to make their device *Internet Ready!* 
we'll see appliance makers who have way less networking experience than Linksys/Cisco getting into the fray. I 
highly doubt the pontifications of these Good Morning America technology gurus who predict all these changes are 
coming to the home. Do we really think appliance manufacturers are going to agree on standards for keeping track of 
how much milk is in the fridge, especially as not just manufacturing but also engineering is moving to countries 
like China? How about the predictions that have been around for years about appliances which will alert the 
manufacturer about impending failure so they can call you and you can schedule the repair before there's a 
breakdown? Remember that one? We don't even have an "appliance about to break, call repairman" idiot light on 
appliances yet.

What standards?  The RFID tag on the milk carton will, essentially, replace the bar code once RFID tags become cheap 
enough. It'll be like an uber-barcode with a bunch more information.

For keeping track of how much, cheap sensitive pressure transducers will know by the position of the RFID tag 
combined with the weight of the thing at that location in the refrigerator. There's no new standard required.

The technology to do this exists today. The integration and mainstream acceptance is still years, if not decades off, 
but, IPv6 should last for decades, so, if we don't plan for at least the things we can see coming today and already 
know feasible ways to implement, we're doomed for the other unexpected things we don't see coming.


What reads the RFID's and the pressure sensors? What server or application receives this data and deals with it 
according to the user's desires? How does that data or the information and alerts this system would generate get to the 
user's devices? There has to be a device in the home or a server somewhere for a service the home owner subscribes to 
which keeps an inventory of all these things and acts on it. 

Do you really think it's going to be common place for people to have this kind of technology and more importantly use 
it?

I think the kitchen you foresee is the kind of dream kitchen the kind of people who imbed RFID chips in themselves so 
they can have a house that opens the doors and turns on the lights as they approach.

You don't have a chip in you, do you?


But I predict the coming of IPv6 to the home in a big way will have unintended consequences.


Definitely.


I think the big shock for home users regarding IPv6 will be suddenly having their IPv4 NAT firewall being gone and 
all their devices being exposed naked to everyone on the internet. Suddenly all their security shortcomings (no 
passwords, "password" for the password etc) are going to have catastrophic consequences. I foresee an exponential 
leap in the  number of hacks of consumer devices which will have repercussions well beyond their local network. In 
my opinion that's going to be the biggest problem with IPv6, not all the concerns about the inner workings of the 
protocols. I'm guessing the manufacturers of consumer grade networkable devices are still thinking about security as 
it applies to LANs with rfc 1918 address space behind a firewall and haven't rethought security as it applies to 
IPv6.


Sigh... 

Continuing to propagate this myth doesn't make it any more true than it was 10 years ago.

I'm sorry, what was the myth there? The public overall uses bad passwords and knowingly does not comply with security 
best practices? More connectivity is going to bring more problems and exploits? Those myths?


NAT != Security
End-to-End addressing != End-to-End connectivity
It will not be long before the average residential IPv6 gateway comes with a default deny all inbound stateful 
firewall built in. Once you have that, your hosts are not exposed naked to everyone on the internet. In fact, they 
are no more exposed than with NAT with the key difference being that if you choose to expose one or more hosts, you 
have the option of deliberately doing so.

We'll see.


Actually, I know for certain that most of the CPE manufacturers are participating in the effort to draft better 
security requirements for residential gateways as a current ID and hopefully an RFC soon. I believe, as a matter of 
fact, that this is a BIS document being intended as a more comprehensive improvement over the initial version.

Owen




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault