[arin-ppml] IPv6 in the Economist

On Jun 8, 2008, at 3:55 PM, Michael H. Warfield wrote:
> 	What is, err, disturbing is that a significant number of XP systems
> have ended up with IPv6 enabled and yet nobody knows how it happened.
> That a globally addressable and routable protocol "magically  
> appears" on
> a box without the user having done it is very disturbing from a  
> security
> standpoint.  Some users have thought that it was due to a Microsoft
> update, but we know that to NOT be the case.  This has happened even  
> on
> some embedded systems, such as POS terminals.
>

I've had some discussions on this problem with a few people at  
Microsoft. So that I'm not accidentally revealing anything that was  
told to me that wasn't meant for public consumption, I'll limit myself  
to what I told THEM to get the ball rolling, and leave some names out.

A good number of users turned IPv6 on in one way or another after  
hearing about it, failing to get it working and not completely turning  
it back off. Or it did work at one point, then later broke.

One "personal firewall system" had the foresight to realize that IPv6  
might want to be firewalled as well. But just for it to install it's  
v6 firewall, it turned the v6 stack on. Even if you weren't using v6.  
The argument appeared to be "The user might turn v6 on later and our  
firewall wouldn't have protected them".

There also were a few smaller software packages that tried to be  
helpful and make sure v6 was enabled on Windows so that their v6  
support worked. This seemed to break things far worse than it helped.

But, there are also people who are finding it's turned on and there  
just seems to be no reasonable explanation. Embedded systems are a  
great example. This is a significant problem for anyone deploying AAAA  
records. This is a few months out of date, but here's a comparison of  
the number of random users who have working v6 stacks to broken v6  
connectivity on a highly-nontechnical popular website:

http://www.your.org/v6clients.png

Essentially, of the users visiting the site what percentage are able  
to load a 1x1 image via v6? (working clients)  What percentage were  
unable to load an image that had both v4 and v6 addresses? (broken  
clients)

The peak starting in early 2007 seems to roughly correlate to the  
uptick in Vista users, but not 1:1.

This is part of what I want to really closely document with the stuff  
going on at http://www.ipv6experiment.com... which really really  
really honestly is coming soon now. :)

-- Kevin