On 4/22/23 18:38, Carlos E. R. wrote:
On 2023-04-23 00:13, Lew Wolfgang wrote:
On 4/22/23 14:05, Carlos E. R. wrote:
On 2023-04-22 22:56, Lew Wolfgang wrote:
On 4/22/23 13:26, Carlos E. R. wrote:
On 2023-04-22 21:20, Lew Wolfgang wrote:
On 4/22/23 12:00, James Knott wrote: > On 2023-04-22 13:13, Carlos E. R. wrote: >> That complain was in another thread. This is about the non >> working firewall in the router, which leaves my entire LAN >> accessible to Internet at large. > > IPv6 has a security advantage in that with such a huge address > space, it's extremely difficult for an attacker to find anything > to attack. For example, you have a /64 prefix, which is 18.2 > billion, billion addresses. This is the entire IPv4 address > space squared. Out of that you will have at most a few dozen > addresses. An attacker can scan all day, every day and not find > anything. In contrast, with IPv4, it's not hard to find a target.
Security through obscurity?
Passwords area also obscurity.
Yes they are, but there are mitigations. There are mitigations for port scanning too, but I doubt if your ISP firewall employs them. Are you not concerned about not having a firewall in place for IPv6?
I have a non working firewall on the ISP provided router.
That's exactly why you need one of your own.
Which as I have said many times, it is nearly impossible, because Telefónica doesn't document the specs (which is against EU rules)- I have to reverse engineer the configuration. And if anything ever fails, they don't support me. Not even help.
Just leave the ISP's firewall alone and add your own in front of SW1.
BTW, did you also run a scan with IPv4 just to be sure you're okay there?
Not recently. And there is NAT.
Was your IPv6 scan to an IPv4-natted host?
Of course not. It was on the IPv6 address.
Is the host dual-stacked? Does it also have IPv4 capability? What's doing the natting? The ISP's router? It would be interesting to see the scan and might help to prove a point. Regards, Lew