Re: New (-02) version of IPv6 CPE Router draft is available for review

[Alain Durand <alain_durand@cable.comcast.com>]

On 7/24/08 6:29 AM, "EricLKlein@softhome.net" <EricLKlein@softhome.net>
wrote:

> Having a known address is not the same as advertising it out to anyone that
> is locally connected. Admittedly it is only a short term improvement until
> the fixed address becomes commonly known via the internet, but even then it
> is only a problem if someone comes to the area of a wireless network where
> the security has not been changed from the default.
> 
> Consider the situation as follows:
> Person x goes and buys a WiFI router to connect to their DSL link. But prior
> to connecting to the DSL they plug it in to configure it. The only way that
> someone would know to try to configure it would be to see it in their
> available networks and then recognize the brand and to try to connect to the
> default IP address. Vs. Someone sees a new hotspot advertising a "come
> configure me" service. In the first case you need to proactivly go looking
> for things to hack, in the second you are invited in to do so.
> 
> Maybe I am alone on this, but I prefer to make the hacker try harder without
> inviting them inside.


Eric,

The property of well known address is that, well, they are well known. So if
a vendor start to use fe80::1, I guess most vendors will use it and there is
little guesswork to be done.

Now, with service discovery, I would expect that as soon as the device is
configured the first time, some king of security will be put in place, if
only using a password. This can be done before the ISP connection is up. If
the user decide not to use a passwd or any other form of security, well,
this is a different issue.

I have seen this discovery being implemented already: simply try to
configure an Apple airport.

  - Alain.