On 4/22/23 14:05, Carlos E. R. wrote:
On 2023-04-22 22:56, Lew Wolfgang wrote:
On 4/22/23 13:26, Carlos E. R. wrote:
On 2023-04-22 21:20, Lew Wolfgang wrote:
On 4/22/23 12:00, James Knott wrote:
On 2023-04-22 13:13, Carlos E. R. wrote:
That complain was in another thread. This is about the non working firewall in the router, which leaves my entire LAN accessible to Internet at large.
IPv6 has a security advantage in that with such a huge address space, it's extremely difficult for an attacker to find anything to attack. For example, you have a /64 prefix, which is 18.2 billion, billion addresses. This is the entire IPv4 address space squared. Out of that you will have at most a few dozen addresses. An attacker can scan all day, every day and not find anything. In contrast, with IPv4, it's not hard to find a target.
Security through obscurity?
Passwords area also obscurity.
Yes they are, but there are mitigations. There are mitigations for port scanning too, but I doubt if your ISP firewall employs them. Are you not concerned about not having a firewall in place for IPv6?
I have a non working firewall on the ISP provided router.
That's exactly why you need one of your own.
BTW, did you also run a scan with IPv4 just to be sure you're okay there?
Not recently. And there is NAT.
Was your IPv6 scan to an IPv4-natted host? Regards, Lew