MR> But there are benefits already. If you run servers you see tons of MR> scanning and brute force attacks, e.g. ssh. I haven't seen any MR> considerable scanning for IPv6 yet.
It will come, though it wouldn't be brute force by address, as the address space is so huge. It's more likely to be DNS based, targeting hosts that have AAAA records, as well as other situations where once an IPv6 host is discovered by some other means, scanning will commentce.
MvV> With IPv4 and NAT one can only ping the router. With IPv6 every device MvV> on the LAN can have its own public address. You can ping my fido MvV> machine at fido.vlist.eu. You can ping my RIPE-ATLAS probe at MvV> atlas.vlist.eu. You can ping my wife's computer at pozel.vlist.eu when MvV> it is switched on. Etc, etc.
While all of my devices have public IPv6 addresses, you can only ping the ones that I have setup as servers. The others are blocked for unsolicited incoming traffic by my firewall, which blocks everything inbound by default.
MR> At the moment we still have the chance of a smooth transition, but as MR> longer we wait and postpone as more rough it will become.
MvV> I think we are already too late for a smooth transition. The IPv6 MvV> adoption should have been completed before IPv4 ran out. The fact that MvV> people revolt against DS-Lite and still want a public IPv4 address MvV> illustrates that.
Yes, I can see things getting very bumpy for the masses, once IPv6 becomes something that is necessary.
... I am Procrastitron. I will destroy you, eventually. --- MultiMail/Win32 v0.49 * Origin: Freeway BBS - freeway.apana.org.au (3:633/410)
