Reply to post: Re: And who told you I want to be measured?

IPv4 apocalypse means we just can't measure the internet any more

bombastic bob

Re: And who told you I want to be measured?

"My understanding is that V6 allows a version of the LAN address to get out as the return address for the connection."

Not entirely true, but lemme 'splain.

IPv6 addresses are assigned to a particular netblock, which the router will know about. The router can advertise this information and assign IPv6 addresses using some protocol I can't remember the name of. You can then allow an automatically assigned IPv6 address from the netblock, or assign a static one (your choice) from within the same netblock.

Now, about IPv6 routing: the routers use the advertisements to say "send your IPv6 outgoing traffic to me." They know about the upstream router, which was either assigned statically, or also advertised itself. That's how IPv6 routing works. In theory, you don't have to set up gateways, just routers [and the rest is automatic].

Now, because you were assigned an IPv6 netblock, your IP addresses are UNIQUE TO YOUR MACHINE, FOREVER. This also exposes every listening port onto the intarwebs using that IPv6 address if you didn't bother to firewall it. The router CAN firewall [mine does, it's running FreeBSD, and Linux could do the same thing]. In particular, I don't want a VNC port, or an X11 port, or any of the dozen-or-so ports that Windows listens on to be exposed to the outside world. So I block ALL of them at the IPv6 gateway.

BUT, whenever you visit some web site, the web site knows who connected, YOUR publicly visible IPv6 address that is NOT translated. A rogue web server could then scan you for open (listening) ports on that address and determine whether or not you can be cracked. Specific ones are well-known for Windows, X11, VNC, Samba sharing, SQL Server, SVN, mail servers, and whatever OTHER things you might not want accessed from the outside [so you better firewall them all or risk getting CRACKED].

Anyway, that's pretty much an executive summary of what's going on.
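An added example, not part of the original comment: a host-side check for the exposure the comment describes. It parses `ss -H -tln` output and lists TCP listeners bound to the IPv6 wildcard or to a global unicast address. The sample output is constructed (it uses the 2001:db8::/32 documentation prefix), and the function names and the port-to-service map (usual default ports) are assumptions.

```python
import ipaddress
import re

GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")
# Usual default ports for services the comment names (assumed defaults, not from the page).
WATCHED = {25: "mail", 445: "Samba/SMB", 1433: "SQL Server",
           3690: "SVN", 5900: "VNC", 6000: "X11"}
# Local-address field as printed by ss: "[addr]:port", "[addr]%iface:port", or "*:port"
# ("*" is how ss shows a dual-stack wildcard socket, which also accepts IPv6).
LOCAL_RE = re.compile(r"^(?:\[([^\]%]+)(?:%[^\]]*)?\](?:%[^:]+)?|(\*)):(\d+)$")

# Constructed sample of `ss -H -tln` output.
SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 127.0.0.1:5900 0.0.0.0:*
LISTEN 0 5 [::]:5900 [::]:*
LISTEN 0 128 [::1]:6010 [::]:*
LISTEN 0 50 [2001:db8:1::10]:445 [::]:*
LISTEN 0 128 [fe80::1]%eth0:5353 [::]:*
LISTEN 0 511 *:80 *:*
"""

def classify(local):
    """Return (scope, port) for an ss local-address field, or None for IPv4-only."""
    m = LOCAL_RE.match(local)
    if not m:
        return None
    port = int(m.group(3))
    if m.group(2):
        return "any", port
    addr = ipaddress.IPv6Address(m.group(1))
    if addr.is_unspecified:
        return "any", port
    if addr.is_loopback:
        return "loopback", port
    if addr.is_link_local:
        return "link-local", port
    return ("global" if addr in GLOBAL_UNICAST else "other"), port

def exposed_listeners(ss_output):
    """List (port, scope, service) for listeners reachable on a routable IPv6 address."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[0] == "LISTEN":
            result = classify(fields[3])
            if result and result[0] in ("any", "global"):
                findings.append((result[1], result[0], WATCHED.get(result[1], "unlisted")))
    return sorted(findings)

if __name__ == "__main__":
    for port, scope, service in exposed_listeners(SAMPLE):
        print(f"tcp/{port} bound to {scope} IPv6 address ({service})")
```

Each listener it reports is reachable from outside unless the IPv6 gateway filters inbound traffic, so the output is the list to compare against the gateway's firewall rules.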
