[OpenWrt-Devel] OpenWRT IPv6 firewall

Gert Doering gert at greenie.muc.de
Mon Jul 21 03:07:31 EDT 2014


On Sun, Jul 20, 2014 at 03:50:24PM -0700, David Lang wrote:
> >I'm well aware of all the bullshit that is knocking on my doors all
> >day.  Point is, firewalls on the *routers* are not goint to help the
> >laptop that moves around, attaches to a Wifi Hotspot, is hacked there,
> >gets moved back behind your firewall, and starts hacking others from
> >there.  And it doesn't help the desktop PC that neglected to do any
> >updates, gets infected by flash/pdf/word exploit, and starts scanning
> >your network, behind the firewall.
> The problem here isn't with laptops, it's with TVs, light Bulbs, 
> Thermostats, digital picture frames, etc.
> These are the types of devices that I'm worried about protecting.

Yes, so how do you protect them from the malware on your PC and Laptop,
which both are behind the firewall?

A hacker "from the wild" is likely to not even *find* the device if it's
using EUI64 IPv6 addressing and not registered in DNS, while an attacker
on the same LAN just needs to ping ff02::1 to see them all, wide open...


USENET is *not* the non-clickable part of WWW!
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 291 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20140721/d26bca99/attachment.sig>
-------------- next part --------------
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list