On 2024-11-11 16:48, James Knott wrote:
On 11/11/24 10:45, Carlos E. R. wrote:
This is, I'm sorry to say, a security issue with IPv6: the router firewall being transparent on IPv6.
There's nothing to stop you from installing your own firewall behind theirs. I doesn't have to be a router. I run pfSense and I believe it can be set up in that manner. Also, with the sparse address space, it's hard for an attacker to find anything to attack.
You mean this? Telefonica-|------firewall----Switch---|--- router |-- |---- |-- |----- |-- |------ So, more hardware, and more software to configure. In any case, I might do it, but the masses of million users of Telefónica are more exposed. A computer can have its own firewall, but the printer doesn't, IoT doesn't, and they broadcast. Ok, there are millions of addresses in the LAN, but for example when you send an email that IP is known. A determined attacker wanting to attack me will find out where my printer is. -- Cheers / Saludos, Carlos E. R. (from 15.5 x86_64 at Telcontar)