Reply to post: Re: Nat as a security measure

IPv6 is great, says Facebook. For us. And for you a bit, too

Frumious Bandersnatch

Re: Nat as a security measure

NAT makes for better privacy. The use of IPv6 without any NAT is likely to make each device in your site uniquely identifiable by its global address.

Sorry, but that's probably the #1 myth about ipv6. If you use SLAAC then the global address for a single host will change over time. See for example, this page which says (emphasis added):

IPv6 provides both a stateful and a stateless address configuration functionality. Stateful address configuration is similar to the existing DHCP functionality in IPv4. IPv6 also supports Stateless Address Auto Configuration (SLAAC). In this mode, nodes can automatically configure their network configuration by generating a local IP address, locating neighbors on the same local segment, locating a default router, and even generating a globally routable address using the prefix supplied by the router through ICMP messages. All of this occurs without any user interaction. Another interesting note is that IPv6 provides the ability to easily renumber these global addresses via the routers on the network instead of configuring the hosts individually. Securing these interactions is definitely something to consider when deploying IPv6.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon