MSGID:  aae623fe
REPLY: <10j3tmk$29ec2$1@dont-email.me> c52105ea
PID: PyGate 1.5.2
TID: PyGate/Linux 1.5.2
CHRS: ASCII 1
TZUTC: 0000
REPLYADDR invalid@invalid.invalid
REPLYTO 3:633/10 UUCP
Pancho  writes:
> The Natural Philosopher wrote:
>> David Higton wrote:
>>> What I particularly like about IPv6 is that NAT/NAPT are simply not
>>> necessary
>> So making the implementation of a firewall absolutely mandatory
>> 
>
> Linux IPv6 does appear to use random IPv6 address for outbound
> connections, which have a limited lifespan. This appears to be
> something like 1-7 days, but if very short lifespans were used it
> could offer a protection similar to NAT. I need to investigate a bit
> further, but I don't think IPv6 needs to be inherently less safe.

NAT does not offer any protection. The reason that a typical domestic
NAT-equipped router protects you from inbound connections is that it has
a firewall as well.

(Getting a packet addressed to your internal addresses to your external
interface is inconvenient for many attackers, for sure, but
striaghtforward for your ISP or anyone who can hack or coerce them.)

-- 
https://www.greenend.org.uk/rjk/

--- PyGate Linux v1.5.2
 * Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 112 134 200 206 275 300 317 400 426
SEEN-BY: 229/428 470 616 664 700 705 266/512 291/111 292/854 320/219
SEEN-BY: 322/757 342/200 396/45 460/58 633/10 280 414 418 420 422
SEEN-BY: 633/509 2744 712/848 770/1 902/26 2320/105 5020/400 5075/35
PATH: 633/10 280 229/426