HackerTrans
TopNewTrendsCommentsPastAskShowJobs

fernandomm

no profile record

comments

fernandomm
·2 years ago·discuss
Just a reminder that new versions of Microsoft Outlook store your password and email data on their servers, even when using a non-Microsoft server.
fernandomm
·4 years ago·discuss
Let's not forget about the idea that ISPs would distribute a /56 range to residential users. You could split it in /64 ranges according to your requirements and everything would work fine.

There is only one "minor" issue: all major ISPs in my country ( Brazil ) only provide a single /64. You can't get another /64 unless you upgrade to a very expensive business plan.

That makes IPv6 not only useless but also a huge security issue.

1) I can't use my Mikrotik as a firewall. Trying to split a /64 range breaks things and some devices ( specially IOT ones ) will simply not work.

2) Routers provided by the ISPs here are very limited, specially for things like firewall rules. Some of them will only provide a On/Off switch, with Off option between the default one.

Although IPV4 + NAT had some issues, it ( accidentally? ) created a safe/sane default config for non-technical users. In order to open a port and expose a device, you have to explicitly add a rule on the firewall.

IPv6 is the other way around. In practice, all devices and ports are exposed unless you explicitly block it.

In the last 3 years I've noticed criminals focusing more and more on IPv6 scans to compromise devices and create botnets since it's much easier to find exposed/unpatched devices as most users don't understand how to correctly configure a firewall.

Most of the time, the only viable solution is to disable IPv6.