[citation][nom]palladin9479[/nom]This is a big reason people are not comfortable using IPv6. A large part of your address is your PC's MAC address, every connection is uniquely identifiable down to a specific PC. The internet currently is more or less anonymous because the closest you can trace someone's unique identifier (IP) is to their ISP, which most are resistant to handing over their lists. With IPv6 you can track down to the PC, even identify the NIC being used.

Also NAT is nearly impossible to do with IPv6, no in fact it ~is~ impossible to do with a pure IPv6 system. The engineers that designed the specs for IPv6 got all snotty and swore NAT should never be used without taking a look at the 2nd biggest reason to use it. NAT can hide an entire range of private IPs behind a single public IP. This makes your private network invisible to anyone outside of it and forces all external traffic through a security device that filters and translates the requests. This in effect makes every single NAT router a firewall device by default, and a very effective one at that. When you combine stateful packet inspection software with NAT you get a secure router / FW that is nearly impervious to hacking. The only way through is to find an open port (port mapping) and hope you can do a buffer overflow on whatever is on the other side of the port mapping. But a hacker can't see what's on the other side, so it's blind hacking at best.

I've built my own Linux-based router by using CentOS 5 + Via Epia platform with 4x GB Ethernet interfaces. Using shorewall + snort and watching the logs I get hack attempts every 3 seconds or so. Usually by what appears to be someone sending packets to an entire range of known ISP IPs hoping a few reply and are hackable. My router discards these packets without even replying to them. This technique would be nearly impossible on a pure IPv6 system because my internet systems are exposed to the entire g'damn world. They're each uniquely addressable, and while the stateful packet inspection would still be scanning, a hacker would be able to address packets to specific clients. Moreover they could scan the packets coming from an ISP and map the location and nature of every single client attached to that ISP.

On this same note, ISPs could then charge you based on your "network device count" instead of a single charge. Since there is no way to hide your internal network layout from your ISP, they could easily say "hey looks like you got five devices there, that is $39.99 USD each". Five devices is router + XBOX 360 + PS3 + smartphone + PC.

IPv6 gives unprecedented control of the network to a network administrator, it alleviates the IP address congestion we're facing and for these reasons network engineers love it. But it poses serious risk to home users and corporations alike. It completely removes privacy from the internet. This is the reason everyone has been super slow to adopt it, it's neither cost-effective nor a wise move unless you absolutely have to.

If they can ever add NAT and masquerading functions to IPv6 then you'd see a huge migration of ISPs and major networks over to it. IPv6 has been supported by nearly every network device for the past five years. Your $80 home router supports it now, and you can get its support on Windows XP and beyond.[/citation]
Correct me if I am wrong, but why couldn't the internal network be IPv4 private-use subnets? I mean the run-out-of-addresses scenario only applies to the "internet". I don't really see the need for "pure" IPv6, ever. In fact, I would bet that IPv4 never goes away, but just evolves to serve the internal portion of your network. Am I missing something? I see the "network device count" and "internal net devices exposed" as being non-issues.
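
The quoted post's point about MAC-derived addresses concerns interface identifiers built with modified EUI-64. As an added example (not part of either post), this Python check flags which of a host's IPv6 addresses carry such an identifier and recovers the MAC from it; the function names are illustrative and the sample addresses are constructed, using the 2001:db8::/32 documentation prefix.

```python
import ipaddress


def embedded_mac(addr: str):
    """Return the MAC carried in a modified EUI-64 interface identifier, else None.

    Heuristic: a randomly generated identifier can contain ff:fe in the same
    position by chance (about 1 in 65536), so treat a hit as a strong hint.
    """
    # Drop any zone id such as "%eth0" before parsing.
    ip = ipaddress.IPv6Address(addr.split("%")[0])
    iid = ip.packed[8:]  # low 64 bits = interface identifier
    # Modified EUI-64 inserts ff:fe between the two halves of the 48-bit MAC.
    if iid[3:5] != b"\xff\xfe":
        return None
    # The universal/local bit (0x02 of the first octet) is inverted in the IID.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def audit(addresses):
    """Map each address that exposes a MAC to that MAC; others are omitted."""
    findings = {}
    for addr in addresses:
        mac = embedded_mac(addr)
        if mac is not None:
            findings[addr] = mac
    return findings


# Constructed sample: addresses as they might appear on one host.
SAMPLE = [
    "fe80::211:22ff:fe33:4455%eth0",    # link-local, EUI-64 derived
    "2001:db8::211:22ff:fe33:4455",     # global, EUI-64 derived
    "2001:db8::8d3f:1c2a:9b07:e4f1",    # global, randomized identifier
]

if __name__ == "__main__":
    for addr, mac in audit(SAMPLE).items():
        print(f"{addr} exposes MAC {mac}")
```

Addresses it reports are candidates for switching the host to randomized (temporary or stable-privacy) interface identifiers.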