On 11/12/24 04:13, Carlos E. R. wrote:
On 2024-11-11 16:48, James Knott wrote:
On 11/11/24 10:45, Carlos E. R. wrote:
This is, I'm sorry to say, a security issue with IPv6: the router firewall being transparent on IPv6.
There's nothing to stop you from installing your own firewall behind theirs. It doesn't have to be a router. I run pfSense and I believe it can be set up in that manner. Also, with the sparse address space, it's hard for an attacker to find anything to attack.
You mean this?
Telefonica-|------firewall----Switch---|---
    router |--                         |----
           |--                         |-----
           |--                         |------
So, more hardware, and more software to configure.
You can get a cheap firewall, and they're fun to configure. You certainly have the skills.
In any case, I might do it, but the masses of millions of users of Telefónica are more exposed. A computer can have its own firewall, but the printer doesn't, IoT doesn't, and they broadcast.
Ok, there are millions of addresses in the LAN, but for example when you send an email that IP is known. A determined attacker wanting to attack me will find out where my printer is.
Exactly! I'm starting to remember my problems setting up IPv6 here at Wolfgang Manor. I've got a separate NAT'ed subnet for IoT things. My scale, outside security cameras, and whatnot can be compromised and I don't really care. I couldn't set up isolated subnets with the IPv6 service I was getting from my ISP. I don't want my scale to ssh into my Leap 15.6 desktop!

The router I use, a Zyxel USG40, provides four RJ-45 jacks that can be configured as four independent NAT'ed IPv4 subnets. I couldn't do this with v6. The Zyxel's WAN port is connected to my Cable Modem which has a COAX cable connecting to a fiber relay point in the street. It would be nice to have fiber to my modem, but it is what it is.

I remember when we had only POTS telephone lines and a Hayes 19.2kbaud SmartModem.

Regards,
Lew