IP v6 Security
Bo Nilso
bnilso@csc.com
Sun, 22 Jul 2001 21:11:48 +0200
Hi! Thanks for this, and all other replies to my question.
A general question: Will it be harder to build FW´s for IPv6 vs IPv4,
keeping in mind the fact that multiple header concept might make it harder
(slower, cpu-consuming) trying to filter and do stateful inspection, as the
data needed for making descions for each paket is not on an predictable
position within each IP packet ( it depends on how many different headers
that exist in the IP packet. I think it will. Am I wrong?
/BosseN
-----------------------------------------------------------------
AVS:
Bo Nilsö, CSC Sweden, Linköping
Mail: bnilso@csc.com
Phone: +46 (0) 13 465 3631
-------------------------------------------------------------------
Scott Prader
<gnea@garson. To: 6bone@ISI.EDU
org> cc:
Sent by: Subject: Re: IP v6 Security
owner-6bone@I
SI.EDU
2001-07-21
09:01
* Bo Nilso (bnilso@csc.com) uttered:
> Hi!
>
> Have listen to the mails about DOS attacs on IPv6 network.
>
> I have a more general question: Is there any FIREWALL SW for IP v6? Fuego
> does not have it, Checkpoint does not state to have any product, Cisco
> 12.2T is not anything to use on their PICS FW (as far as I have heard).
> Have anybody else seen anything around? Have anybody geard ANYTHING about
> products in pipeline?
Yes, in Linux kerne 2.4.* there is iptables extensions for ipv6 as well
as many packages and documentation (it's still growing, but usable..
ping6, traceroute6,tracepath6, etc..
.oO Gnea [gnea at garson dot com] Oo.
.oO url [http://gnea.net] Oo.
"You can tune a filesystem, but you can't tune a fish." -Kirk McKusick