The group that controls the distribution of IP addresses has passed a resolution that makes it virtually impossible to get more IPv4 addresses. In a strongly worded resolution, ARIN is taking “any and all measures necessary” to “encourage migration to IPv6 numbering”.
ARIN has been preparing for this moment for a long time, as their own root servers that control the DNS system across the internet have been upgraded to IPv6 since 2004. While this is a logical first step for the organization responsible for the internet architecture, end users with less sophistication may want to approach the upgrade with caution, as the potential pitfalls are numerous, particularly with regard to stateful firewalls. In most IPv4 implementations there is a stateful firewall where external packets can only traverse the network in response to an originating packet from inside the network. Apple’s new Airport Extreme garnered much geek appreciation with its IPv6 implementation, but it has received its share of bad press from the mainstream publications over these security concerns. As much as the technologist and tester in me would love to implement IPv6 immediately on Webshare’s routers and servers, the responsible sysadmin will likely take a wait-and-see approach and wait for a few BKMs.
There may be a silver lining from this: an examination of the role of a firewall in modern computing. The problem in the above-mentioned case arises because the computers behind the router are falsely assuming that all “bad” packets have already been filtered out by a secure firewall. This works fine in the case of corporate servers, but what about laptops on dialup connections, data cards, or open hotspots? Smartphones on cellular networks? If each device were to employ its own packet inspection and security measures, these firewall exploits would be far less devastating. Instead, our current reality is that an unpatched machine exposed with no firewall can be compromised in mere minutes.
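The stateful rule described above (an external packet passes only in response to a packet that originated inside) can be modelled in a few lines; this is an added example, not code from the original post or from any router's firmware. The class and function names, the 60-second idle timeout and the sample addresses (taken from the 2001:db8::/32 documentation prefix) are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

class StatefulFilter:
    """Forward inbound packets only when they answer a flow opened from inside."""

    def __init__(self, inside_prefix, idle_timeout=60.0):
        self.inside = ip_network(inside_prefix)
        self.idle_timeout = idle_timeout
        self.flows = {}  # (proto, inside addr, inside port, outside addr, outside port) -> last seen

    def _inside(self, addr):
        return ip_address(addr) in self.inside

    def allow(self, pkt, now):
        # Drop state for flows that have been idle longer than the timeout.
        self.flows = {k: t for k, t in self.flows.items() if now - t <= self.idle_timeout}
        if self._inside(pkt.src):
            # Originating packet from inside: remember the flow and let it out.
            self.flows[(pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)] = now
            return True
        if self._inside(pkt.dst):
            # Inbound: allowed only if it mirrors a recorded outbound flow.
            key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
            if key in self.flows:
                self.flows[key] = now
                return True
        return False  # unsolicited inbound, or traffic unrelated to the inside prefix

def demo():
    # Constructed sample traffic; addresses are compared exactly as written here.
    fw = StatefulFilter("2001:db8:1::/64", idle_timeout=60)
    out = Packet("2001:db8:1::10", 50000, "2001:db8:ffff::80", 443)
    reply = Packet("2001:db8:ffff::80", 443, "2001:db8:1::10", 50000)
    probe = Packet("2001:db8:bad::1", 40000, "2001:db8:1::10", 22)
    steps = [(probe, 0), (out, 1), (reply, 2), (probe, 3), (reply, 100)]
    return [fw.allow(pkt, now) for pkt, now in steps]

if __name__ == "__main__":
    print(demo())
```

With globally routable IPv6 addresses on every inside host, this reply-only check is the only thing standing between an unsolicited probe and the device, which is why a router that forwards IPv6 without it leaves each machine dependent on its own filtering.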