IPv6 Roll Out

Just a question.You say each device gets an address from your DHCP server ? Why not assign a /48 or /64 block to the router and then the router will assign an address from this block to the local network ? This is the way I have setup my DIR-825 (orange) - I got myself a /64 address block from HE.net (6-to-4 tunnel which is supported by the router) - so all 2001:470:1f23:XXX:: addresses belong to me and my local devices are assigned an address from this pool.
 
starmage said:
Just a question.You say each device gets an address from your DHCP server ? Why not assign a /48 or /64 block to the router and then the router will assign an address from this block to the local network ? This is the way I have setup my DIR-825 (orange) - I got myself a /64 address block from HE.net (6-to-4 tunnel which is supported by the router) - so all 2001:470:1f23:XXX:: addresses belong to me and my local devices are assigned an address from this pool.
Click to expand...
your devices are all assigned a public IP???
 
imagine silently popping thousands of Afrihost clients, with persistence so their "oh but the IP changes lmao" argument from back in the days of DSL (stealing PPPoE creds from default Telkom routers) falls away

when it happens im clipping afrinatic's posts lmfao
 
starmage said:
Thats the way IPv6 works yes. But also do remember my /64 address block is bigger than the current total IPv4 address space
Click to expand...

the amount of IPs does not matter, the direct connection between an unpatched client and the global WAN is the problem
 
starmage said:
Thats the way IPv6 works yes. But also do remember my /64 address block is bigger than the current total IPv4 address space
Click to expand...
I get the needle in a haystack thing but I'd think the way the hackers of the ipv6 world work would probably be to exploit access logs to find usable v6 ips rather than "guessing" ranges
 
y'all know masscan 1.3 dropped like early 2021

has anyone here tried it? or is everyone quoting outdated posts written in 2019 like they did in 2014 when botnets started becoming an actual global threat?
 
starmage said:
agreed yes, but that is why the routers should have a build in firewall - I know mine has (both IPv4 + IPv6 firewalls)
Click to expand...

you are one of few, and I agree good firewall means you can enjoy IPv6 all day
 
blunt said:
I get the needle in a haystack thing but I'd think the way the hackers of the ipv6 world work would probably be to exploit access logs to find usable v6 ips rather than "guessing" ranges
Click to expand...

known range? check
known allocation sequence? check
masscan 1.3 on a 10Gb port in ZA? check

just need to decide if I'm scanning a port or ICMP later...

consent from AH to try? probably not needed
 
starmage said:
It is the router I got from Afrihost - Dlink DIR-825 -- must say I am really happy with this little router.
Click to expand...

do your clients have firewalls too? someone's granny's android box running a four year old unpatched release might not
 
Mr Scratch said:
do your clients have firewalls too? someone's granny's android box running a four year old unpatched release might not
Click to expand...
ah thats a totally different ballgame - lucky for me its just me and my household and I know what connects on my network
 
Mr Scratch said:
known range? check
known allocation sequence? check
masscan 1.3 on a 10Gb port in ZA? check

just need to decide if I'm scanning a port or ICMP later...

consent from AH to try? probably not needed
Click to expand...
Perhaps AH should test this out themselves

Stupid question - thinking of MWEB back in the day who had that option in their account portal to enable/disable "secure" (aka block incoming connections) at an ISP level for your account - is this possible on v6 from the ISP?
 
blunt said:
Perhaps AH should test this out themselves

Stupid question - thinking of MWEB back in the day who had that option in their account portal to enable/disable "secure" (aka block incoming connections) at an ISP level for your account - is this possible on v6 from the ISP?
Click to expand...

nope
 
blunt said:
Perhaps AH should test this out themselves
Click to expand...

AH tooks six weeks to respond to a vuln someone found on their clientzone (still not fixed, so the person that found it sold it to a broker), they didn't have a working vuln disclosure link until someone asked the forum rep to ask them to fix it and apparently don't monitor their own network because they rely on customers to do it for them

so yes maybe AH should do something for themselves lol
 
This is similar to AH stripping you of your clothes (voluntarily of course - so that all is above board), then putting you in a big forest. After which they calm you by saying that you should not worry, as it is a big forest and the flashlight/s used to look for you is so small that it is unlikely that anyone will see you naked.

You do not want to be naked on the internet, ever.

Even a shitty layer of protection (provided by a shitty router) between you and the internet is better than nothing - which is how you will end up if you do not understand what you are working with.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X