56 Comments
- Alfdog, on 10/12/2007, -13/+38
I'M IN UR AIRPORTZ EXPOSING UR MACZ
- inactive, on 10/12/2007, -3/+21
This is not a Mac flaw. It means that Apple's Airport Extreme (latest) is not firewalling IPv6 traffic. Even a Vista or a Linux will be unprotected. It IS an Airport flaw.
- Kral, on 10/12/2007, -1/+17
This isn't a bug in Airport or the Mac, it's a bug in the user that thinks NAT = firewall. IPv6 doesn't need NAT (thank God), so if you've been confusing the two like the author, you're going to need to learn the difference.
- colincornaby, on 10/12/2007, -2/+16
Is it just me, or is this favorable functionality for a lot of people? I actually WANT to get to my computers behind my router. FTFA:
"If you don't block incoming IPv6 sessions, you can actually connect to a Mac sitting behind the Airport Extreme from the outside, using SSH or FTP over IPv6, assuming those services are enabled."
Sounds exactly like the sort of functionality I'd want for myself.
- noahhoward, on 10/12/2007, -2/+16
Is it really even a flaw?
'it lets incoming IPv6 sessions straight through. That is, unless you go in and enable the "Block incoming IPv6 connections" setting in Advanced > IPv6 for the base station.'
It is capable of filtering the IPv6 incoming, it just isn't enabled by default. I'd call it a bad decision but saying it is a flaw seems to imply that it is incapable of doing it.
- Boondoggle, on 10/12/2007, -0/+10
This is not a flaw. This is a configuration that does not provide maximum security out of the box. It is however easy enough to configure the system to increase the security.
You can expose your Mac via IPv4 pretty easily too if you want to.
- codergnome, on 10/12/2007, -1/+8
What the hell? They're not "exposed", they're addressable. You know, like hosts on the Internet are supposed to be.
These devices will still have firewalls to protect hosts, of course. Firewalls have existed since before NAT was a twinkle in some hacker's eye.
- eridius, on 10/12/2007, -1/+8
"That's the problem with using Apple products: You don't even realize what you're missing out on."
If I don't even know I'm missing out, then do I even need that setting? Apparently not. It sounds more like Apple knows how to design hardware that's more usable and user-friendly, whereas everybody else just tries to cram more features into it.
- Optimaximal, on 10/12/2007, -1/+7
Surely, if you have some sort of passwording enabled, this shouldn't be a problem.
Yes, people can get into SSH and FTP externally, but aren't the OSX variants of these fairly bulletproof, seeing as it's based on Unix.
Or am I (as a largely Windows user) missing something really obvious.
- sv650touring, on 10/12/2007, -0/+5
well, maybe you're gonna get buried for it, but I found your insensitivity to be hilarious.
But wouldn't your first encounter with HPv6 be your current encounter?
- colincornaby, on 10/12/2007, -0/+5
I go with Airport because every Linksys I've had has flaked out. In addition, the Airport can act as a print server for USB printers, and you can hook up speakers to the Airport Express and then stream music to the speakers. On the new Airports you can plug in a hard drive and it will automatically file share it across the network.
- noahhoward, on 10/12/2007, -0/+5
Never had a problem. What sort of things couldn't you configure?
- pt4117, on 10/12/2007, -3/+8
It is a flaw. Just like MS having all XP users set as admin by default, and having pre-SP2 set to not have the firewall on.
- noahhoward, on 10/12/2007, -0/+5
Eh, I'm sure someone will tell you it is because Mac fanboys liek shiny expensive things and can't tell a good quality product.
I got mine because I was tired of my Linksys POS crapping out on me all the time, when I was buying my Mac, I looked at the Airport and decided to give it a shot. It works really well for me and is real easy to configure, that and the fact that it doesn't look like an ugly brick sitting on my desk were good enough for me. I'm sure there are other brands that are cheaper and just as good, but that was just the order I went in.
Collin points out some cool features too.
- sleepwalkers, on 10/12/2007, -2/+6
@pt4117: That's not a flaw in the hardware, that's just a dumbass decision by whoever decided on the default settings.
- eihwaz, on 10/12/2007, -1/+5
Me too.
IPv6 is the future, someone has to start using it if we want it to really work. We can't stay on IPv4 forever, this is a good step for the long term.
The only thing they could have done better would have been to keep it disabled by default (since this is how most people still want it), and leave the choice to activate it to the user. This way nerds could have had their ipv6 while leaving untouched the old protocol for common people.
- sv650touring, on 10/12/2007, -3/+7
oooo, you forgot Belkin. Those things can be a PAIN. "Flaky" doesn't begin to describe them.
I've actually had rather good results with Apple wireless stuff. I try to pick up a little cash on the side, setting people up, and when the folks have Apple hardware, it just seems to work. I even had to extend a network using an airport express as a repeater, and it couldn't have been easier. Gave this guy a solid signal in his garage outside of his huge home, first try. Of course, I haven't tried doing anything fancier than that.
Apple Airports probably don't have all the available settings of a Linksys or Buffalo, but for most people most of the time they are the easiest. And I'll tell you, I've wowed many non-techie people with the iTunes integration and easy wireless printing/sharing several times.
- raccettura, on 10/12/2007, -0/+4
On the plus side, finally a decent IPv6 implementation "for the rest of us".
- valkraider, on 10/12/2007, -1/+5
I got tired of having to reboot my Linksys every three hours.
- noahhoward, on 10/12/2007, -0/+3
"That's the problem with using Apple products: You don't even realize what you're missing out on."
If you tell me there's a router out there that can do my dinner for me, I'm going to be pissed.
- mennis, on 10/12/2007, -0/+3
I have an airport. It works great. I also have a few Linksys devices, pre and post Cisco acquisition which also work great. I have found that more complex configurations ( e.g. tunneling ) on consumer level Linksys gear is non-intuitive. I have not tried the same thing with airport since I only have one.
- randf, on 10/12/2007, -0/+3
good reading, but headline is a little bit misleading....not much more helpful than:
New Airport Extreme could expose Macs to the internets!
- unununium, on 10/12/2007, -0/+3
Yes except people are required to pass a driving test before they can drive on the road with other people. No one has to take a test to hook up computers to the Internet.
- gentooian, on 10/12/2007, -1/+4
If you can't trust SSH, what can you trust?
- ohmar, on 10/12/2007, -0/+3
Yeah, so most people just run from their modem to their access point then (wirelessly) to their computers. It would make sense that the firewall would be combined with the access point. Now, if the Airport Extreme is not a firewall, then where does apple sell a firewall for those who own Macs and PCs? Also, why would you buy two routers (airport and another for a firewall) when you can just buy a linksys/dlink/.... which is a router + firewall in one box.
- mennis, on 10/12/2007, -0/+3
The stateful inspection firewall as we know it today came after NAT. NAT was first implemented as a means for hiding addresses on local networks in the PIX at Network Translations, Inc., which Cisco later purchased. The firewalling was implemented afterwards. The patent for NAT was awarded to said twinkling eyed hacker and author of the PIX, Brantley Coile, co-author of the ATA-over-Ethernet spec.
- nighthwk1, on 10/12/2007, -0/+2
You would have to find a DNS server that allows IPv6 AAAA records. Or, add an alias to your hosts file.
Also, unless you have an account with an ISP that supports IPv6 (still rare), then you will need a 6-to-4 tunnel.
- mennis, on 10/12/2007, -1/+3
/etc/rhosts
:)
- inactive, on 10/12/2007, -0/+2
Uninformed, reactionary article.
If your line of defense for your Mac is the NAT on your router, you're screwed security wise anyways. The Airport is doing what it's supposed to do - route IPV6 traffic. If you chose to enable this and not firewall your system, well duh.
IPV6 has enough IPs that NAT no longer becomes necessary. NAT provides some lines of defense on your network, but it should not be the only line of defense.
- superkendall, on 10/12/2007, -1/+3
An airport extreme is not advertised as a firewall. It's a WAP. Why then should it block any traffic by default?
The fact that it can do so at all is a bonus.
Furthermore if all you ever did was hook macs up to the device then there would never be any effect - since Macs have no open ports in the default shipped configuration. So once again saying they should limit IPv6 traffic by default is trying to solve a problem that does not exist for 99% of the people purchasing this device.
- switched0, on 10/12/2007, -0/+2
I thought this was about ipv6 not about what piece of crap home networking equipment you prefer?
Has anyone here that has posted even touched ipv6, or set up a test network with it?
The whole point of IPv6 is to make every device Internet addressable. Use a firewall, whether it be on the device or on the edge of your network, to protect yourself not NAT. NAT is not a security mechanism, it is designed to be a quick and temporary fix to the IP pool problem. From my work with IPv6 tunneling, the only one that is automatic is ISATAP. And you still have to configure an ISATAP interface on your router for your IPv4 hosts to connect to. You can't do a 6to4 tunnel without a little bit of configuring, like defining an endpoint for the tunnel and a start point on your network. It just doesn't go out on the Internet and start connecting to other IPv6 networks.
Do yourselves a favor, go out buy a cisco book on IPv6 implementation and then make your judgments.
- randf, on 10/12/2007, -0/+1
original Airport BS still running daily since purchasing it in 2001. (ops checked ok on DSL system in Greece, cable system in UK, despite local regs)
Airport Extreme still running daily since purchasing it in 2005.
Airport Express still running daily since 2005.
no hitches that a power on/off never solved. even works great with my work issued thinkpad, and every guest who showed up with a laptop.
- lilrabbit129, on 10/12/2007, -0/+1
The thing is, a comparable N linksys router is about as expensive as the AE. Also, i'm not sure of the state of DD-WRT for the N routers.
- superkendall, on 10/12/2007, -1/+2
Those two links you provided talk about the Vista FIREWALL.
FIREWALL.
What is the Airport Extreme? It is a WAP (Wireless access point). It is a device that extends the network, wirelessly. Why are you not concerned your ethernet cable also can transmit IPv6 packets?
You are all confused because so often firewalls are built into WAP's. But a WAP does not have to be a firewall. And for Mac owners that buy an Airport Extreme, why would they care if IPV6 traffic can reach them? Mac have no open ports by default, and if a user chooses to open a port then they probably want to be able to reach it from somewhere. And if they don't - then you have the config option to disable said traffic.
I do not use a WAP as a firewall, I have a dedicated Linksys router for that. So I am happy with how the airport extreme ships, because I just need wireless and not a million other features.
- mgorbach, on 10/12/2007, -0/+1
Can someone post a link on how to access my mac by SSH through IPV6? No way I want to remember that huge address.
Does this require special support from the ISP?
- superkendall, on 10/12/2007, -0/+1
The OS X versions are fairly bulletproof, but even better they come disabled so it doesn't even matter how bulletproof they are not - the majority of Macs will never have them enabled, therefore they make a poor target.
OS X ships with no open listening ports by default.
- WiZZLa, on 10/12/2007, -0/+1
http://www.engadget.com/2007/02/06/vistas-two-faced-firewall-inspected-called-out/
http://reviews.cnet.com/4520-3513_7-6690672-1.html
If it's blocked by default in IPv4, it might as well be blocked by default in IPv6, just for consistency.
- dbr_onix, on 10/12/2007, -0/+1
Stupid question, but doesn't the Airport need to be assigned a public IPv6 address (Which I'd guess most people don't have.. yet) for anyone to be able to connect via it..?
- Ben
- dcamp7gh, on 10/12/2007, -0/+1
@ohmar
have you even used a mac? Contextual menus have existed since OS 9s days at least. Two button mice work great without loading any additional drivers...
- wjanoch, on 10/11/2007, -0/+0
My Airport Extreme-n received an update to 7.1.1 today and the "Block incoming IPv6 connections" is checked by default now.
- mikev, on 10/12/2007, -2/+2
In Soviet Russia, IPv6 exposes you!
- GeoffChang, on 10/12/2007, -7/+7
I, for one, am going to avoid IPv6. Especially after my first encounter with HPv6.
THE LOTIONS DO NOTHING!
- Tyr7BE, on 10/12/2007, -3/+2
This is sort of off-topic. Correct me if I'm wrong, but Airport is basically a wireless router, correct? If so, why go with Airport in the first place? I have a linksys WRT54G series router running DD-WRT firmware ( http://www.dd-wrt.com ) and it works like a champ...better than anything I've had to date, and cheaper than an Airport by far.
- klawz, on 10/12/2007, -4/+3
Sounds like what Windows did, make it work, make it open, trust the network - and look what trouble that made for MS.
- WiZZLa, on 10/12/2007, -2/+1
I bought an Airport and threw out my Linksys when Cisco started the suit against Apple over the iPhone name. I've banned all Cisco products including the intarnets.
- IPv6IPv6, on 10/12/2007, -1/+0
To learn more about IPv6 check out this event
http://www.ipv6.thenewnewinternet.com/
Our expert speakers and panelists, from Government and Industry, will provide attendees guidance and advice, based on first-hand experience, for building and securing a robust IPv6 network infrastructure. They will highlight the benefits of the new protocol, how it fits into the enterprise infrastructure, the technologies that enable it, and the real value it brings. They will also highlight the risks associated with such a large scale transition, and how these risks should best be managed.
- ohmar, on 10/12/2007, -3/+1
"That's the problem with using Apple products: You don't even realize what you're missing out on."
You know, like the range of functions that can be assigned to a second mouse button.
- ohmar, on 10/12/2007, -4/+2
When Microsoft does not automatically block incoming connections in their Windows OS --> Microsoft is blamed for making broken software
When Apple does not automatically block incoming connections in their router/firewall --> Users are blamed for not changing settings
I LOVE double standards.
- inactive, on 10/12/2007, -2/+0
Folks, you should ALWAYS turn off IPv6 addressing if you don't use it. If you don't know, you most definitely don't use it. It's true on some networks IPv6 traffic can bypass traditional firewalls and segmented VLANs. It all depends on how the network is set up.
IPv6 is great-- and is the future, but right now it's just not widely used. Every machine will need a DNS entry to be identified reasonably. Why? fe80:0000:0000:0000:0211:24ff:fexx:xxxx This is the IP address of the future. An IPv6 address is so long no normal human can remember it, so DNS is the key to good deployment of this addressing scheme.
This is NOT an Apple issue. It's NOT a good statement to the quality of Apple networking gear.
- noahhoward, on 10/12/2007, -4/+2
No, it's more of a 'flaw' like a car not automatically hitting the brakes for you when you need to stop, a potential problem yes, but easily solved by knowing what you're doing.
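
Added example, not part of any comment above and not Apple's code: much of the thread turns on which IPv6 addresses and services are actually reachable once a router passes inbound IPv6 unfiltered. This Python script classifies a host's addresses by scope (including the 6to4 tunnel prefix mentioned in the thread) and lists the listening sockets that then depend on router or host filtering; the function names and the `ADDRS` and `LISTENERS` sample values are constructed for illustration.

```python
import ipaddress

# Prefixes that are never routed in from the Internet; the base station's
# IPv6 filter setting makes no difference for these.
NON_ROUTABLE = {
    "loopback": ipaddress.ip_network("::1/128"),
    "link-local": ipaddress.ip_network("fe80::/10"),
    "unique-local": ipaddress.ip_network("fc00::/7"),
}
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")


def parse(addr):
    """Parse an address string, dropping a zone id such as %en1."""
    return ipaddress.IPv6Address(addr.split("%")[0])


def scope(addr):
    """Return (scope_name, routable_from_internet) for one IPv6 address."""
    ip = parse(addr)
    for name, net in NON_ROUTABLE.items():
        if ip in net:
            return name, False
    if ip.sixtofour is not None:  # 2002::/16 embeds the site's public IPv4
        return "6to4 via " + str(ip.sixtofour), True
    if ip in GLOBAL_UNICAST:
        return "global-unicast", True
    return "other", False


def exposed(interface_addrs, listeners):
    """(address, port) pairs reachable from outside if the router passes
    inbound IPv6 unfiltered. A socket bound to '::' answers on every
    address the host holds."""
    routable = [a for a in interface_addrs if scope(a)[1]]
    hits = []
    for bind, port in listeners:
        targets = routable if bind == "::" else [bind]
        hits += [(parse(t).compressed, port) for t in targets if scope(t)[1]]
    return sorted(hits)


# Constructed sample host: addresses use documentation/test ranges
# (2001:db8::/32 stands in for an ISP prefix, 192.0.2.4 for a public IPv4).
ADDRS = ["::1", "fe80::a00:27ff:fe12:3456%en1",
         "2002:c000:204::1", "2001:db8:1:2::10"]
LISTENERS = [("::", 22), ("::1", 631), ("2001:db8:1:2::10", 21)]

if __name__ == "__main__":
    for a in ADDRS:
        print(a, scope(a))
    print(exposed(ADDRS, LISTENERS))
```

On the sample host, the wildcard SSH listener is reachable on both routable addresses, while the loopback-only listener and the link-local address never appear in the result.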