Comment by iamnothere
5 days ago
IPv6 itself seems to provide a larger attack surface based on IPv6-specific CVEs. I don’t know if it’s the added complexity or that it’s treated as a second-class citizen by devs, but I still see a solid number of these coming across the CVE feed.
This one was particularly scary: https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.ht...
When something happens over IPv4 people treat it like "the Internet has malicious actors, water is wet", but when it happens over IPv6 it must be IPv6's fault.
Sigh...
Most network vulnerabilities apply equally to both, but of the ones that don’t, most are IPv6 only. This bothers me. I don’t like adding unnecessary attack surface to my infrastructure.