Technology

Yeah? Well I was playing a game and it rebooted in the middle of a boss fight!

Just say you run Arch and move on.

Just sayin'

IPv6 genuinely made some really good decisions in its design, but I do question the default "no NAT, no private network prefixes" mentality since that's not going to work so well for average Janes and Joes

As a tech nerd who self hosts stuff, I'm more like "what is IPV6 and why is it causing me issues, I can't figure this out, I guess I'll disable it, wow my problems are fixed now."

I guess I can see why people don't like it, as it's caused me issues, but just because I don't understand it doesn't mean it's dumb. I'd need to understand how it works before I could say anything about it, positive or negative. I guess all I could say is that it's been way less intuitive to me, I can't memorize the numbers, and the reason it exists makes sense. Beyond that, I unno.

I should probably spend the time to learn about it, but I already have a full time job where I work on computers all day, I'd rather focus on my other hobbies while I'm at home.

Our windows XP laptop

What about Windows 3.1!?

IPV6 is already rolled out in parts of the world. My provider has a Dual Stack lite architecture, the home connection is over IPV6, IPV4 is normally being tunneled via V6 through a provider grade NAT.

As I AM a network nerd, I pay for a dedicated IPV4 address every month, so I can reach my stuff from outside from old IPV4 only networks.

So when I plug in my router, connect a windows machine and just google stuff then all this traffic will be IPV6 without me configuring anything.

It's so great fun having the attack surface being doubled by dual stack setups.

they certainly don't run windows.

IPv6 is enabled by default on windows.

EDIT Here's how to disable it. If you can't on your modem/router. Open the network menu from the icon in bottom right of screen > right click on the network you are connected to and click "status" > In the popup click on the "Properties" button > You'll get another popup with the name of your network adapter in a top line/box and a secondary box with a list of things in it > Look for the entry "Internet Protocol Version 6 (TCP/IPv6)" and uncheck the box in front of it > click OK.

I've not read the CVE but assuming it works on any IPv6 address including the privacy extensions addresses, it's a problem. Depending on what most routers do in terms of IPv6 firewalling.

My opinion is, IPv6 firewalls should, by default, offer similar levels of security to NAT. That is, no unsolicited incoming connections but allow outgoing ones freely.

In my experience, it's a bit hit-and-miss whether they do or not.

Now, if this works on privacy extension addresses, it's a problem because the IPv6 address could be harvested from outgoing connections and then attacked. If not, then scanning the IPv6 space is extremely hard and by default addresses are assigned randomly inside the /64 most people have assigned by their ISP means that the address space just within your own LAN is huge to scan.

If it doesn't work on privacy extension IPs, I would say the risk is very low, since the main IPv6 address is generally not exposed and would be very hard to find by chance.

Here's the big caveat, though. If these packets can be crafted as part of a response to an active outgoing TCP circuit/session. Then all bets are off. Because a popular web server could be hacked, adjusted to insert these packets on existing circuits/sessions in the normal response from the web server. Meaning, this could be exploited simply by visiting a website.