Questions tagged [ipv6]
IPv6 is the next generation protocol for Internet networking. IPv6 expands on the current Internet Protocol standard known as IPv4. Compared to IPv4, IPv6 offers better addressing, security and other features to support large worldwide networks.
69 questions
0
votes
1
answer
264
views
Is NAT66 increasing security?
NAT is so standard for IPv4 that nobody thinks about it but for IPv6 it's considered a really bad option. (Article from APNIC) Of course there's the stateless NPTv6 and the firewall can be configured ...
- 219
0
votes
0
answers
733
views
Suspicious incoming connection attempts from random IPv6 addresses on local network on macOS
I've been using Little Snitch on my Macbook and I have since a long time a rule to alert on any incoming IPv6 connection, which would be suspicious since I use IPv4 only.
Since a couple of days I've ...
- 101
1
vote
1
answer
527
views
IPv6 address leaking despite VPN?
Given that commands like ifconfig or ip address don't require root privileges, apps can access information about ip address. If you use ipv4, you are normally behind NAT and apps would get an address ...
- 21
0
votes
2
answers
1k
views
Disabling IPV6 firewall with IPV6 disabled
Our router (Asus RT-AC68U) has been slowing down our speeds, up until I disabled the IPV6 firewall (Went from 250 to 380, which is the modem cap for now). We've always had IPV6 disabled on the router, ...
- 3
1
vote
1
answer
269
views
Best methods to mitigate DDOS with changing IP sources
Source ip addresses can be spoofed. And because of IPv6 it is not enough to keep a look-up table of ip addresses that are excluded from visiting a website, because with ipv6 there are now enough ip ...
- 201
1
vote
0
answers
173
views
How to Prevent Attacker from Abusing IPv4-embedded IPv6 to Bypass Security Mechanism?
Section 5.3 of RFC6052 explained how an attacker could abuse the NAT64 translation mechanism to bypass security mechanism such as firewall or IDS/IPS if those devices only have an IPv4 blacklist. The ...
- 90
3
votes
1
answer
720
views
Is disabling IPv6 an effective workaround for "Bad Neighbor" Vulnerability (CVE-2020-16898)?
CVE-2020-16898 is a remote code execution vulnerability caused by the improper handling of ICMPv6 Router Advertisement packets by Windows TCP/IP stack. Microsoft's recommended workaround is to disable ...
0
votes
0
answers
220
views
What is the most restrictive way to allow IPv6 ICMP requests on iptables?
This is what I have so far but it is pretty open.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -p ipv6-icmp -j ...
- 229
3
votes
1
answer
258
views
Privacy in P2P vs relayed connections for VoIP
I'm developing some sort of VoIP application for mobile devices for fun.
I initially planned to rely on P2P connections only.
I didn't want to use a relay server because I thought (1.) there would ...
0
votes
0
answers
294
views
Is it a Bad Idea™ to open all IPv6 ports for devices in an isolated guest network?
At home I have a dual-stack IPv4/IPv6 broadband connection, and I also have a wireless access point. The access point currently bridges all traffic into my LAN, which is not segmented in any way, so ...
- 1
1
vote
0
answers
269
views
When using VPN, why do LAN IPv6 Addresses disappear in router LAN status?
My DSL/WiFi router lists the IPv6 GU- and LL- Address for each connected device, alongside the device's MAC address. When a device uses VPN, these addresses disappear from the LAN status listing.
...
- 121
-1
votes
1
answer
153
views
Hiding rough whereabouts of a machine with IPv6, without using a proxy
Since I configured my smartphone Access Point Name (APN) of the type APN protocol from including the value IPv4 to including the value IPv4/IPv6, generally all different addresses I got after ...
user123574
-1
votes
1
answer
957
views
Are IPv4 more intuitively hard to track than IPv6?
I understand that it is easier for a human to intuitively figure out the alleged whereabouts of a machine if that machin's IP address is IPv6, rather than if its IPv4:
For example, since I configured ...
user123574
1
vote
0
answers
366
views
Custom IPv6 network and security risks
I draw a custom network (I would use that for developing and testing, my ISP does not support IPv6), there IPv4 and IPv6 are present.
'A' device has firewall: incoming blocked, only accept access (SSH)...
1
vote
0
answers
118
views
Does a browsers' vpn feature securely modify my ipv6 address?
If I use inbuilt vpn feature of a browser, does it modify my ipv6 address, making me safe as far as my mac address is concerned ?
OS - Ubuntu 16.04. Browser - Opera
- 11
1
vote
1
answer
587
views
ISP's defence methods against IPv6 Spoofing
I read about there being methods applied by ISP's to defend networks against IPv4 spoofing, but not too much about IPv6 spoofing. I'm wondering if someone has some knowledge if ISP's apply techniques ...
- 11
0
votes
2
answers
827
views
Why IPv6 showing on whatismyip.com?
I use Tor Browser on Whonix. Why I see IPv6 (something like 3221:23f9:c:67h:0:0:0:3) on whatismyip.com?
Is that website can see my MAC Address?
- 11
9
votes
2
answers
32k
views
Is it dangerous to disable the IPv6 firewall built into many home routers?
The router that my ISP has delivered contains an IPv6 firewall. The only configuration option is whether it is on or off. Apparently, this firewall simply denies all incoming connections.
I ...
- 211
2
votes
2
answers
2k
views
Do household IPv6 addresses introduce vulnerabilities? [duplicate]
Apparently, for half a year already at least, my ISP has assigned me IPv6 addresses. I discovered this accidentally, while editing Wikipedia. So it seems my ISP started to support IPv6 addresses and ...
- 6,595
3
votes
0
answers
150
views
What is this "...ffff:ffe2" traffic being blocked?
I have a fairly simplistic pfSense setup. IPv6 is provided through a Hurricane Electric tunnel.
Something on my home LAN is sending traffic from an odd-looking address, and so it's getting blocked, ...
- 131
99
votes
10
answers
27k
views
How would disabling IPv6 make a server any more secure?
I was reading this article about hardening security on Linux servers, and in point #23, the article says:
#23: Turn Off IPv6
Internet Protocol version 6 (IPv6) provides a new Internet layer of
...
- 3,843
3
votes
0
answers
325
views
Security Risks specific to IPv6-only hosts
Because I can get full IPv6 support now from my home office (Comcast did this right) I have started to bring up cloud servers with no IPv4 addresses -- only IPv6. I use a static address and create a ...
- 525
3
votes
2
answers
6k
views
IPv4, IPv6 and firewall
Say I have a server running some version of Linux and I give this server an IPv4 address of 10.1.1.1
Now using my network firewall I NAT this IP to some public IP address and I block all incoming ...
- 802
3
votes
4
answers
6k
views
Blocking ipv6 packets with firewall, if using an ipv4 router
A router doesn't support ipv6. There is a machine connected to the router, that is assigned an ipv4 address by the router. The machine uses firewall software.
Setting up the machine's firewall, all ...
- 165
10
votes
1
answer
387
views
Setting up a IPv6 Darknet/Network Telescope
I would like to setup a IPv6 Darknet/Network Telescope. It is unused address space a network that is completely passive and sends no outbound traffic. This talk gives more details.
Most residential ...
- 101
0
votes
1
answer
1k
views
IPv6 and NAT firewall effect
It seems that people still argue on whether to use NAT with IPv6 for its side-role as a firewall hiding inner network from the outside (providing user anonymity and security as well). I am wondering ...
- 411
2
votes
1
answer
7k
views
My ISP provides IPv6 natively but my VPN does not support IPv6
I have an internet connection that is soon rolling out IPv6 native support but my VPN connection is far from rolling out IPv6 connection.
Can there can be any sort of leak if I still connect to my VPN ...
- 598
1
vote
1
answer
546
views
Is only using one IP address version (IPv4/IPv6) an availability risk?
Most websites configure their domain name server records only with A records for the use in IPv4 networks only. Some websites have configured AAAA records as well for use in IPv6 networks, using both ...
- 7,135
3
votes
1
answer
201
views
IPv6 Spams dataset?
My master thesis is about "Managing Spam Under IPv6". I would like to use machine learning algorithm on information retrieved from mail headers in order to sort out spams from legitimate mails. To do ...
- 31
23
votes
4
answers
16k
views
Is IPv6 more secure than IPv4?
One of my friends is going to implement IPv6 in his university network environment and he told me it is more secure than IPv4. Is IPv6 more secure than IPv4? If so, how is it achieved on the protocol ...
- 1,317
1
vote
1
answer
310
views
Searching a tool to perform SSL/TLS handshakes and store data [closed]
As the title says, I am searching for a tool, which can do the following:
Do SSL Handshake beeing given a list of IP-Addresses
Support SNI (in that case hostnames would be in the list, too)
...
- 105
2
votes
1
answer
298
views
IPv6 private network adressing
While sniffing a training network with Wireshark, I realized that it contains some IPv6 addresses.
So I decided to nmap one of the IPv6 address found (with the -6 option), and was able to see my own ...
- 161
0
votes
1
answer
1k
views
How to retrieve an IPV6 knowing the IPV4? [closed]
I'm using nmap to scan a training lab environment, and I would like to check if a remote machine has an IPV6 address. I only know the IPV4 of the machine.
And I know that scanning through IPV6 would ...
- 185
2
votes
0
answers
201
views
Throttling IPv6 requests - what would be a suitable subnet size?
I'm trying to come up with a request throttling policy for a web application based on IP addresses.
For throttling requests for users on IPv4, a subnet size of /32 (i.e. a single IP address) is often ...
user22260
5
votes
1
answer
5k
views
Configuring socat to pentest an IPv6-only remote web server from an IPv4 host
I need to pentest an IPv6-only web server situated in a remote network from my IPv4 host (Kali Linux VM). I have a 6-to-4 tunnel up between the two hosts (configured using Hurricane Electric). I'm ...
- 75
2
votes
1
answer
684
views
Can ping flooding attacks still be implemented in a IPv6 network?
Can ping flooding attacks still be implemented in a IPv6 network? And what could be a good way to simulate such an attack?
- 21
1
vote
2
answers
2k
views
Bypassing the GFW with IPv6 and proxying all IPv4 traffic
I hope I'm in the right forum for this kind of question. I'm in China and as you're probably all aware, the Great Firewall (GFW) blocks a lot of websites. Surprisingly, when using the IPv6 connection ...
- 111
0
votes
1
answer
157
views
Impairment of security by introduction of ipv6 [duplicate]
If you get a public IPv6 on your device, and someone gets hold of your momentary IPv6 (which changes every 24h by the privacy extensions), a possible attacker could start a lot of automated tools on ...
- 2,390
1
vote
1
answer
154
views
Is KDD CUP methodology sufficient to describe all possible attacks in IPv6?
KDD CUP dataset has been used to train IPv4 intrusion detection systems. The attacks are identified with the help of these pre-determined features.
Are these features sufficient to classify the ...
- 11
2
votes
3
answers
8k
views
Spoofed MAC address with macchanger but cant connect to internet
So I used macchanger to spoof my mac address with these commands:
sudo ifconfig (interface) down
sudo macchanger -m (mac_address) (interface)
sudo ifconfig (interface) up
If I stop here I will not ...
- 21
0
votes
1
answer
328
views
Why doesn't my IP change on manual router turn off/on? [closed]
Basically the title. I remember that when still having IPv4 addresses, my IP changed after the router turn off/on. This doesn't seem to be the case with IPv6. Since there are almost 10^40 addresses ...
- 659
1
vote
1
answer
2k
views
How do I scan for and discover active IPv6 addresses of devices behind a router?
Usually with IPv4 and NAT you can only access a device behind a router if the router is port-forwarded correctly or is the router's DMZ. When behind the router you can easily scan for the IPs behind ...
- 11
5
votes
2
answers
6k
views
Question about IPv6, NAT, firewall, port forwarding, upnp and security
In the next months/years my ISP might give me IPv6 for my home connection. But what are the security implications? Will local network servers/embedded devices be accessible from the whole internet?
...
- 2,963
-5
votes
1
answer
174
views
Can an ip be forced to connect? If so, how is it done, and how can I prevent it? [closed]
Can an IP be forced to receive data from another IP (specifically IPv6 for both)? If so how does this work, and how can I prevent this from happening to me? Does that have any way to be broken? If so ...
- 93
2
votes
1
answer
412
views
Is possible for a vulnerability search engine to detect the ipv6 adresses?
Using IPV4 protocol, vulnerability search engines can detect and index Internet connected devices. It will be easy for a hacker to collect a lot of information about some devices and perform an attack....
- 2,251
2
votes
0
answers
92
views
Is the crypto-key pair in IPv6 SeND persistent?
IPv6 introduces the NDP extension SeND to help mitigate identity theft, however, is the non-PKI public/private key pair used during the process persistent to some degree, or generated on every ...
- 121
2
votes
2
answers
2k
views
Telnet port open on my router public IPv6 address
Recently I upgraded my home router into this one. It is a cheap one, but it has features I needed: IPv6 support and Gigabit Ethernet.
So I decided to give IPv6 a try. I configured a Hurricane ...
- 123
6
votes
2
answers
2k
views
What parts of IPv6 address may I show publicly and safely?
I want to ask question about some network issue, i.e. about printing the IPv6 address correctly. I assume the users expect me to provide some meaningful examples of what I expect and what I have.
...
- 183
8
votes
1
answer
3k
views
Is receiving IPv4 connections on AF_INET6 sockets insecure?
The FreeBSD man page for inet6 has the following:
By default, FreeBSD does not route IPv4 traffic to AF_INET6 sockets.
The default behavior intentionally violates RFC2553 for security
reasons. Listen ...
- 1,380
1
vote
2
answers
336
views
Assigning random IPv6 ranges to ISPs as a security measure
Pinging all the IPv4 address space takes about 5 hours (and can generate beautiful maps). Port-scanning doesn't take much longer and can reveal vulnerable services, such as remote administration of ...
- 147