this post was submitted on 16 Aug 2024
692 points (98.9% liked)

Technology

58137 readers
5226 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
692
All Windows users should immediately update their computers. An exploit rated 9.8/10 (CVE-2024-38063) compromises all devices running Windows with an IPv6 address. (msrc.microsoft.com)
submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/[email protected]
208 comments fedilink hide all child comments
 

archive

If you have the August 13, 2024—KB5041580 update. You're good.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 45 points 1 month ago (40 children)

IPv6 genuinely made some really good decisions in its design, but I do question the default "no NAT, no private network prefixes" mentality since that's not going to work so well for average Janes and Joes

[–] [email protected] 55 points 1 month ago* (last edited 1 month ago) (27 children)

No NAT doesn't mean no firewall. It just means that you both don't have to deal with NAT fuckery or the various hacks meant to punch a hole through it.

Behind NAT, hosting multiple instances of some service that uses fixed port numbers requires a load-balancer or proxy that supports virtual hosts. Behind CGNAT, good luck hosting anything.

For "just works" peer to peer services like playing an online co-op game with a friend, users can't be expected to understand what port forwarding is, let alone how it works. So, we have UPnP for that... except, it doesn't work behind double NAT, and it's a gaping security hole because you can expose arbitrary ports of other devices if the router isn't set up to ignore those requests. Or, if that's not enough of a bad idea, we have clever abuse of IP packets to trick two routers into thinking they each initiated an outbound connection with the other.

[–] [email protected] 3 points 1 month ago (26 children)

can you tell me if any device in an IPv6 LAN can just assign itself more IP v6 adresses and thereby bypass any fw rule?

[–] [email protected] 5 points 1 month ago (1 children)

How would that bypass the firewall?

[–] [email protected] 3 points 1 month ago (1 children)

Honestly, I think most fear of IPv6 is just borne out of ignorance and assigning their understanding of IPv4 onto IPv6 and making assumptions.

[–] [email protected] 5 points 1 month ago (1 children)

assigning their understanding of IPv4 onto IPv6 and making assumptions.

This is also what makes it more difficult to learn, unfortunately.

[–] [email protected] 1 points 1 month ago

That's true. But there are not many differences. It's just, the differences there are, are crucial to understanding it.

load more comments (24 replies)
load more comments (24 replies)
load more comments (36 replies)