• RecluseRamble@lemmy.dbzer0.com
    link
    fedilink
    arrow-up
    56
    arrow-down
    12
    ·
    edit-2
    5 months ago

    Why should we care? So address space may run out eventually - that’s our ISPs’ problem.

    Other than that I actually don’t like every device to have a globally unique address - makes tracking even easier than fingerprinting.

    That’s also why my VPN provider recommends to disable IPv6 since they don’t support it.

    • MrRazamataz@lemmy.razbot.xyz
      link
      fedilink
      English
      arrow-up
      29
      ·
      5 months ago

      Because people in countries with ISPs that are unable to provide IPv4 (e.g. too expensive) can’t access GitHub easily.

    • umbrella@lemmy.ml
      link
      fedilink
      arrow-up
      6
      arrow-down
      1
      ·
      edit-2
      5 months ago

      the only reason i can think of is cgnatting ipv4 because of depleted pool. otherwise yea.

      i believe you can NAT ipv6 too, i mean so you use the router’s address only?

      • Avatar_of_Self@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        1
        ·
        5 months ago

        You’d better hope that you can NAT ipv6 because if you aren’t behind a CGNAT and then your LAN is completely exposed without a NAT you’re very likely going to have devices exploited.

        NATs on people’s boundary has been doing pretty much all of the heavy lifting for everyone’s security at home.

        • orangeboats@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          5 months ago

          The word you are looking for is firewall not NAT.

          NAT does not provide security whatsoever. If the NAT mapped your (internal IP, internal port) to a certain (external IP, external port) and you do not have a firewall enabled, everyone can reach your device by simply connecting to that (external IP, external port).

          I haven’t seen routers that do not come with IPv6 firewalls enabled by default.

          • umbrella@lemmy.ml
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            5 months ago

            everyone can reach your device by simply connecting to that (external IP, external port)

            to be fair thats the setup most people run when they open ports.

          • Avatar_of_Self@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            1
            ·
            edit-2
            5 months ago

            The word you are looking for is firewall not NAT.

            No the word I’m looking for is the NAT. It was not designed for security but coincidentally it is doing the heavy lifting for home network security because it is dropping packets from connections originating from outside the network, barring of course, forwarded ports and DMZ hosts because the router has no idea where to route them.

            Consumer router firewalls are generally trash, certainly aren’t layer 7 firewalls protecting from all the SMB, printer, AD, etc etc vulnerabilities and definitely are not doing the heavy lifting.

            By and large automated attacks are not thwarted by the firewall but by the one-way NAT.

            • orangeboats@lemmy.world
              link
              fedilink
              arrow-up
              1
              ·
              5 months ago

              Consumer router firewalls are generally trash

              [Citation needed]

              They are literally piggybacking on the netfilter module of Linux. I don’t see how that’s trash

              • Avatar_of_Self@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                ·
                edit-2
                5 months ago

                They are not layer 7 firewalls for the network which are going to be where most the majority of attacks are concentrated. No citation needed unless you believe they are layer 7 firewalls or using something like Snort.

                Added some clarification in my first sentence so it makes a bit of sense.

                  • Avatar_of_Self@lemmy.world
                    link
                    fedilink
                    English
                    arrow-up
                    1
                    ·
                    5 months ago

                    Because, as I said:

                    layer 7 firewalls for the network which are going to be where most the majority of attacks are concentrated.

                    The NAT doesn’t have to operate at layer 7 to be effective for this because

                    coincidentally it is doing the heavy lifting for home network security because it is dropping packets from connections originating from outside the network, barring of course, forwarded ports and DMZ hosts because the router has no idea where to route them.

                    The point is that the SPI firewalls are not protecting against the majority of the attacks we’ve seen for decades now from botnets and other arbitrary sources of attacks, except, perhaps targeted DDoSing which isn’t the big problems for most home networks. They must worry about having their OS’ and software exploited and owned in the background, which doesn’t get much of an assist from a router’s firewall.

                    Obviously, this is however true for the NAT since the NAT are going to drop connections originating from outside the network attempting to communicate with that software to exploit it

                    barring of course, forwarded ports and DMZ hosts because the router has no idea where to route them.

    • smileyhead@discuss.tchncs.de
      link
      fedilink
      arrow-up
      5
      ·
      5 months ago

      that’s our ISPs’ problem

      If the Internet means for you a way to access Facebook, Netflix, Google and YouTube, yeah.
      But if it means a network to send something to another computer then it’s a huge problem.

      Because ISP won’t care if you can accept connections or not. They don’t care about decentralization and being able to host stuff yourself. Most consumers just want a pipe to big services and not to their friend’s house.

    • Aux@lemmy.world
      link
      fedilink
      arrow-up
      4
      arrow-down
      3
      ·
      5 months ago

      That’s the dumbest thing I’ve read today… Your ISP is fleecing you and you’re happy with it.

      • RecluseRamble@lemmy.dbzer0.com
        link
        fedilink
        arrow-up
        3
        arrow-down
        3
        ·
        5 months ago

        What the fuck are you talking about? My ISP supports IPv6 just fine, but following my VPN’s advice I disable it (on certain devices at least) for privacy concerns. And it makes exactly zero difference in functionality.

          • RecluseRamble@lemmy.dbzer0.com
            link
            fedilink
            arrow-up
            3
            arrow-down
            1
            ·
            edit-2
            5 months ago

            It’s Proton VPN. Lack of IPv6 support is a downer but I wouldn’t call them shit.

            Edit: maybe elaborate why you deem IPv6 so crucial? As I said: everything works just fine without.