Comment by adolph
5 days ago
Yep, IoT would be a tremendously worse security problem if everyone wasn't actually operating a household subnet without knowing it.
When your washing machine, fridge, etc. all come with IPv6 5G modems is when your house becomes part of the future IT battlescape between lots of different entities that do not wish you well.
No, because sensibly configured routers would still block incoming traffic regardless of NAT.
If your dishwasher has a 5G antenna + modem built-in and connects to the manufacturer’s own wireless account then your router doesn’t enter the picture. The dishwasher can happily serve you ads and conduct routine surveillance all day long and the only thing you can do is cut power to the device (until they start including a battery backup for that stuff).
True, but the dishwasher should have its own firewall regardless, and assuming it'll be on IPv4 behind a firewalled NAT is by itself an implementation error.
I’m assuming you don’t know how IPv6 works. With SLAAC every device usually rotates the v6 address every few hours and maintains multiple of these. Each subnet for each customer is huge. With rotating MAC it’s virtually impossible to maintain a connection with an IPv6 only device by just IP address. It’s one of the features of IPv6 that such attacks are not going to be feasible.
I am truly a beginner. I am also annoyed by rotating identifiers for devices on the network since it increases the overhead to differentiate for the purpose of firewall rules. Maybe v6 has an identifier better than MAC that can be handled expeditiously for DNS and IP controls?
Why? My router won’t even let me DMZ a single IPv6 device or open all ports to a single IPv6 device. It will only let me open one port at a time.
Different routers have different options, but all of them have come with a pretty strong firewall out of the box, turned on by default, for the last 10 years.