undefined | Better HN

0 pointsCircleSpokes3y ago0 comments

>In IPv4 NAT is used to make sure your laptop isn't exposed to random script kiddies trying to scan for vulnerable services behind your router. A fun exercise is to plug a RaspberryPi up directly to a public facing IP address and log every packet it receives. Then give those scripts a few services to detect (HTTP server, SSH server, etc.) and look at how the traffic shifts from scanning for ports to scanning for vulnerabilities. Being connected directly to the public internet is a real eye opening experience.

That isn't really feasible with IPV6 though is it? The smallest IPV6 subnet is 18,446,744,073,709,551,616 addresses, so even if you setup a Pi fully open to the world with default passwords the chance of someone scanning it is basically zero. That type of scanning only works because the IPV4 range is so small (& you can efficiently ignore large parts of it like the US DOD space, private addresses, etc).

0 comments

bauruine3y ago

Yes at the moment the IPv6 internet is way more secure even without a firewall but there are possible attacks to enumerate the used IPv6 addresses. [0]

[0]: https://isc.sans.edu/diary/Targeted+IPv6+Scans+Using+pool.nt...

j / k navigate · click thread line to collapse

0 comments

bauruine3y ago

Yes at the moment the IPv6 internet is way more secure even without a firewall but there are possible attacks to enumerate the used IPv6 addresses. [0]

[0]: https://isc.sans.edu/diary/Targeted+IPv6+Scans+Using+pool.nt...

j / k navigate · click thread line to collapse