"Could well be. The talks are shorter this year (30min instead of 45) and there are two streams, so there will be lots of speakers. Maybe they should have added an extra day..."

"I'll be there too (and speaking)."

"Simply a matter of remembering that everything you did to protect you IPv4 network you need to do for your IPv6 network. In this case they had firewall protection for IPv4 but not for IPv6. Running dual stack does mean that you have to do everything…"

"Hi Michael, No, I haven't looked into this further. Our firewalls for v4 and v6 are different generations and the ACLs differ massively in number, so there is no easy comparison. To be meaningful we probably need similar traffic flows for v4…"

"Hi Joe, We have 23 sites with firewalls which use the Internet to communicate with each other as well as providing public services. Our biggest site used to have over 10,000 rules (almost all allow rules with a default deny), but we simplified our…"

"Joe - Agreed. It can't be used on its own but will need additional attack vectors. To get inside our firewalls generally requires someone to run a executable in email or click on a malicious page. Being on-link means that an internal infected…"

"The fact that the attacker needs to be on-link is a big help for us. We have lots of subnets and the attacker would need to be on the same subnet to use this. Not much help for people who may have a large single subnet and they don't trust the…"

"I don't like temporary addresses as they are designed to make it virtually impossible to trace a machine. We would need very sophisticated logging to keep track of who was using what temporary address at a particular time. We often get external…"