• The Doctor@beehaw.org
    1 year ago

    A common requirement in government contracts is “there must be no IPv6 support, and if there is it must be verifiably disabled to decrease the size of the vulnerability surface.”

    Many years ago, that misconfigured firewall that let IPv6 traffic through without even bothering to log it, resulting in a years-long compromise, scared a lot of govvies, but unfortunately it taught them the wrong lesson.

    Source: I’m a former Beltway Bandit.

      • The Doctor@beehaw.org
        1 year ago

        The wrong lesson learned was, “don’t use IPv6.” Which has, to a large extent, hurt the uptake of IPv6 everywhere, because “if the government doesn’t use it, we’re not going to use it.” Rather than do something sensible, like enable the IPv6 functionality of the firewalls and configure them properly.