IPv6 Trial

starmage

Active Member
Joined
Oct 8, 2008
Messages
46
Just a question. You say each device gets an address from your DHCP server? Why not assign a /48 or /64 block to the router and then the router will assign an address from this block to the local network? This is the way I have set up my DIR-825 (orange) - I got myself a /64 address block from HE.net (6-to-4 tunnel which is supported by the router) - so all 2001:470:1f23:XXX:: addresses belong to me and my local devices are assigned an address from this pool.
 

killerbyte

Expert Member
Joined
May 10, 2007
Messages
2,009
Just a question. You say each device gets an address from your DHCP server? Why not assign a /48 or /64 block to the router and then the router will assign an address from this block to the local network? This is the way I have set up my DIR-825 (orange) - I got myself a /64 address block from HE.net (6-to-4 tunnel which is supported by the router) - so all 2001:470:1f23:XXX:: addresses belong to me and my local devices are assigned an address from this pool.

your devices are all assigned a public IP???
 

Mr Scratch

Expert Member
Joined
May 15, 2013
Messages
4,770
imagine silently popping thousands of Afrihost clients, with persistence so their "oh but the IP changes lmao" argument from back in the days of DSL (stealing PPPoE creds from default Telkom routers) falls away

when it happens I'm clipping afrinatic's posts lmfao
 

Mr Scratch

Expert Member
Joined
May 15, 2013
Messages
4,770
That's the way IPv6 works yes. But also do remember my /64 address block is bigger than the current total IPv4 address space

the amount of IPs does not matter, the direct connection between an unpatched client and the global WAN is the problem
 

blunt

Expert Member
Joined
May 1, 2006
Messages
3,014
That's the way IPv6 works yes. But also do remember my /64 address block is bigger than the current total IPv4 address space

I get the needle in a haystack thing but I'd think the way the hackers of the ipv6 world work would probably be to exploit access logs to find usable v6 ips rather than "guessing" ranges
 

Mr Scratch

Expert Member
Joined
May 15, 2013
Messages
4,770
y'all know masscan 1.3 dropped like early 2021

has anyone here tried it? or is everyone quoting outdated posts written in 2019 like they did in 2014 when botnets started becoming an actual global threat?
 

Mr Scratch

Expert Member
Joined
May 15, 2013
Messages
4,770
agreed yes, but that is why the routers should have a built-in firewall - I know mine has (both IPv4 + IPv6 firewalls)

you are one of few, and I agree good firewall means you can enjoy IPv6 all day
 

Mr Scratch

Expert Member
Joined
May 15, 2013
Messages
4,770
I get the needle in a haystack thing but I'd think the way the hackers of the ipv6 world work would probably be to exploit access logs to find usable v6 ips rather than "guessing" ranges

known range? check
known allocation sequence? check
masscan 1.3 on a 10Gb port in ZA? check

just need to decide if I'm scanning a port or ICMP later...

consent from AH to try? probably not needed
 

Mr Scratch

Expert Member
Joined
May 15, 2013
Messages
4,770
It is the router I got from Afrihost - Dlink DIR-825 -- must say I am really happy with this little router.

do your clients have firewalls too? someone's granny's android box running a four year old unpatched release might not
 

starmage

Active Member
Joined
Oct 8, 2008
Messages
46
do your clients have firewalls too? someone's granny's android box running a four year old unpatched release might not

ah that's a totally different ballgame - lucky for me it's just me and my household and I know what connects on my network
 

blunt

Expert Member
Joined
May 1, 2006
Messages
3,014
known range? check
known allocation sequence? check
masscan 1.3 on a 10Gb port in ZA? check

just need to decide if I'm scanning a port or ICMP later...

consent from AH to try? probably not needed

Perhaps AH should test this out themselves

Stupid question - thinking of MWEB back in the day who had that option in their account portal to enable/disable "secure" (aka block incoming connections) at an ISP level for your account - is this possible on v6 from the ISP?
 

Mr Scratch

Expert Member
Joined
May 15, 2013
Messages
4,770
Perhaps AH should test this out themselves

Stupid question - thinking of MWEB back in the day who had that option in their account portal to enable/disable "secure" (aka block incoming connections) at an ISP level for your account - is this possible on v6 from the ISP?

nope
 

Mr Scratch

Expert Member
Joined
May 15, 2013
Messages
4,770
Perhaps AH should test this out themselves

AH took six weeks to respond to a vuln someone found on their clientzone (still not fixed, so the person that found it sold it to a broker), they didn't have a working vuln disclosure link until someone asked the forum rep to ask them to fix it and apparently don't monitor their own network because they rely on customers to do it for them

so yes maybe AH should do something for themselves lol
 

D4N_CPT

Well-Known Member
Joined
Sep 18, 2017
Messages
488
This is similar to AH stripping you of your clothes (voluntarily of course - so that all is above board), then putting you in a big forest. After which they calm you by saying that you should not worry, as it is a big forest and the flashlight/s used to look for you is so small that it is unlikely that anyone will see you naked.

You do not want to be naked on the internet, ever.

Even a shitty layer of protection (provided by a shitty router) between you and the internet is better than nothing - which is how you will end up if you do not understand what you are working with.
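
The exposure discussed in this thread can be checked on your own hosts. This is an added example, not part of any post above: it lists the listening TCP sockets that are reachable on a globally routable IPv6 address when no firewall sits in front of the host. It assumes input in the column layout of `ss -H -6 -ltn`; the sample lines are constructed and use the 2001:db8::/32 documentation prefix in place of a delegated /64.

```python
import ipaddress

GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")

# Constructed sample in the column layout of `ss -H -6 -ltn`.
SAMPLE_SS = """\
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 [::1]:631 [::]:*
LISTEN 0 4096 *:8080 *:*
LISTEN 0 5 [fe80::1%eth0]:5353 [::]:*
LISTEN 0 128 [2001:db8:1:2::10]:445 [::]:*
LISTEN 0 128 [fd00:1234::10]:3306 [::]:*
"""
# Constructed list of the addresses configured on the host.
SAMPLE_ADDRS = ["fe80::1", "fd00:1234::10", "2001:db8:1:2::10"]


def is_global(addr):
    """True for global unicast; loopback, link-local and ULA are not."""
    return ipaddress.ip_address(addr.split("%")[0]) in GLOBAL_UNICAST


def exposed_listeners(ss_output, host_addrs):
    """Return sorted (port, bind) pairs reachable via a global IPv6 address
    unless something in front of the host drops inbound traffic."""
    has_global = any(is_global(a) for a in host_addrs)
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        bind, port = fields[3].rsplit(":", 1)
        bind = bind.strip("[]")
        if bind in ("*", "::"):
            # A wildcard bind answers on every address the host holds.
            if has_global:
                found.add((int(port), "wildcard"))
        elif is_global(bind):
            found.add((int(port), bind))
    return sorted(found)


if __name__ == "__main__":
    for port, bind in exposed_listeners(SAMPLE_SS, SAMPLE_ADDRS):
        print(f"tcp/{port} bound to {bind}: needs an inbound IPv6 filter")
```

Anything this reports should either be closed or be covered by a default-deny inbound IPv6 rule on the router or the host.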
 