16 Dec
2012
16 Dec
'12
5:39 p.m.
On 16/12/12 16:52, John Winters wrote:
On 16/12/12 13:30, Chris Dennis wrote:
[snip[
That's a good idea. The section "The default IPv6 source address" at
https://tools.bitfolk.com/wiki/IPv6 describes how to set up the outbound
address, and I've done that for my VPS, but it hadn't occurred to me
that I could stop all incoming traffic on that address at the firewall.
cheers
Chris
--
Chris Dennis cgdennis(a)btinternet.com
Fordingbridge, Hampshire, UK
One thing that struck me from a quick reading of
that was the use of
logfiles for collecting IPv6 addresses. If I set up a website with
something tempting on it, I could then extract the IP addresses of
visitors, and sell them to would-be attackers, in the same way that
people sell lists of email addresses to spammers.
Is there any mileage in configuring each NIC with two quite different
IPv6 addresses, one to be used for outbound connections, but with
nothing at all listening on it? Any services which need to listen for
incoming connections then listen on the second address.
Would seem to render that particular attack vector useless.