Comment by KaiserPro

4 days ago

> With NAT, I absolutely know my ESP32 is not vulnerable and exposed

I mean that's not actually true, UPnP will open ports up, as will misconfiguration.

The firewall is still the same in IPv6 vs 4, and has the same problems.

Correct me if I'm wrong, but UPnP requires my ESP32 to initiate communication. Whereas giving it an IPv6 address would expose it to the entire www even before it attempts communication.

  • > Correct me if I'm wrong, but UPnP requires my ESP32 to initiate communication.

    Not quite. Using UPnP, any host on your internal network can open a port for any other host. You may be thinking of NAT-PMP.

    Additionally, by default UPnP mappings don't expire (unlike NAT-PMP mappings), so if a host crashes with an open port and your ESP32 inherits its IPv4 address, it will be exposed to the Internet.

    • Actually I've never heard of NAT-PMP, so I'm just wrong ))

      Thank you. I never considered the reused address vulnerability.
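
An added example, not part of the thread or any commenter's code: since a UPnP mapping can point at a host that never asked for it and may never expire, one defensive check is to audit the router's mapping table. This sketch parses constructed `GetGenericPortMappingEntry` responses (WANIPConnection:1 field names); the addresses, descriptions and the `EXPECTED` allowlist are assumptions made up for illustration.

```python
import xml.etree.ElementTree as ET

# Field names follow the UPnP IGD WANIPConnection:1 GetGenericPortMappingEntry response.
ENVELOPE = """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>
<u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>
<NewProtocol>{proto}</NewProtocol><NewInternalPort>{port}</NewInternalPort>
<NewInternalClient>{client}</NewInternalClient><NewEnabled>1</NewEnabled>
<NewPortMappingDescription>{desc}</NewPortMappingDescription>
<NewLeaseDuration>{lease}</NewLeaseDuration>
</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"""

# Constructed sample table: the second entry is a leftover mapping for an address
# that a different device (e.g. an ESP32) could later inherit.
SAMPLE_RESPONSES = [
    ENVELOPE.format(ext=51413, proto="TCP", port=51413, client="192.168.1.20", desc="p2p", lease=3600),
    ENVELOPE.format(ext=8080, proto="TCP", port=80, client="192.168.1.37", desc="old NAS", lease=0),
    ENVELOPE.format(ext=3074, proto="UDP", port=3074, client="192.168.1.50", desc="console", lease=0),
]
# Hypothetical allowlist of mappings the owner actually wants: (host, port, protocol).
EXPECTED = {("192.168.1.20", 51413, "TCP"), ("192.168.1.50", 3074, "UDP")}

def parse_entry(xml_text):
    """Collect the New* arguments of one mapping entry into a dict."""
    fields = {}
    for el in ET.fromstring(xml_text).iter():
        name = el.tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix
        if name.startswith("New"):
            fields[name] = (el.text or "").strip()
    return fields

def audit(responses, expected):
    """Flag enabled mappings that never expire or that nobody expected."""
    findings = []
    for xml_text in responses:
        e = parse_entry(xml_text)
        if e["NewEnabled"] != "1":
            continue
        reasons = []
        if int(e["NewLeaseDuration"]) == 0:  # 0 = no expiry in WANIPConnection:1
            reasons.append("never expires")
        key = (e["NewInternalClient"], int(e["NewInternalPort"]), e["NewProtocol"])
        if key not in expected:
            reasons.append("not on allowlist")
        if reasons:
            findings.append((f'{e["NewExternalPort"]}/{e["NewProtocol"]}', f"{key[0]}:{key[1]}", reasons))
    return findings

if __name__ == "__main__":
    for ext, target, reasons in audit(SAMPLE_RESPONSES, EXPECTED):
        print(f"{ext} -> {target}: {', '.join(reasons)}")
```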