Is IPv6 safe to use?  



With IPv6, you are not using a NAT (at least most routers aren't set up for an IPv6 NAT); this will reveal your "internal" address. Is this safe?


Great question, @PaulFranz. The natural firewalling that NAT brings isn't there with IPv6, and requires a more intentional firewall to be in place. Thankfully, most routers handle this fairly well.

It used to be that Macs would generate a temporary IPv6 address every hour (I think), and use that for any outbound connections... that way they would never expose their true, "permanent" address to the outside world.

I think, however, that this changed with Sierra (Apple talked about this at WWDC 2016), and now the Mac does just have one IPv6 address, though it's generated without exposing the MAC address, so people can't tell what type of computer you're using, etc.

Still, though, that does require your router to do the firewalling, and your concern is valid.

Dave, do you know if eero acts as an IPv6 firewall? I know I'm being specific and selfish, but since you have said you use eero, I figure it is worth it for you to figure out as well 😀

I have three of the eero 2nd gen models.


@datafornothinandbitsforfree - Yeah, eero does a fine job of ensuring that unsolicited traffic is kept out.


What concerns me (or maybe even scares me a little) is that I'm a geek and yet can't give a definitive explanation of how to ensure lockdown of IPv6.

For example, a Trustwave penetration tester mentions that the different defaults on network firewalling compared to computer firewalling can leak information:

But while the IPv4 address filtered other ports, all unused ports on the IPv6 address are showing up as closed which means the system is actively rejecting connection attempts rather than ignoring them. Most operating systems will reject attempts to connect to unused ports, while most host and network based firewalls are configured to ignore such attempts. Comparing rejected connection attempts versus silently ignored connection attempts often helps in initial reconnaissance.
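
Added example, not part of any post in this thread: a small Python check, for a host you administer, that separates the "rejected" and "silently ignored" outcomes the quoted passage contrasts. The function names and the loopback target are constructed for illustration.

```python
import socket


def probe(host, port, timeout=2.0):
    """Classify one TCP port on a host you administer.

    open     - handshake completed
    closed   - connection refused (typically a TCP RST): the "rejected" case
    filtered - no reply before the timeout: the "silently ignored" case
    error    - anything else (no route, ICMPv6 unreachable, ...)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "error"


def audit(host, ports, timeout=2.0):
    """Return (per-port states, ports whose probe got an answer)."""
    states = {p: probe(host, p, timeout) for p in ports}
    # open or closed means the probe was answered rather than silently dropped
    answered = sorted(p for p, s in states.items() if s in ("open", "closed"))
    return states, answered


def loopback_listener():
    """Constructed target: listener on ::1, or 127.0.0.1 if IPv6 is absent."""
    for family, host in ((socket.AF_INET6, "::1"), (socket.AF_INET, "127.0.0.1")):
        try:
            srv = socket.socket(family, socket.SOCK_STREAM)
            srv.bind((host, 0))
            srv.listen(16)
            return srv, host, srv.getsockname()[1]
        except OSError:
            continue
    raise RuntimeError("no loopback address available")


if __name__ == "__main__":
    srv, host, open_port = loopback_listener()
    tmp, _, closed_port = loopback_listener()
    tmp.close()  # nothing listens here now, so the stack refuses the connection
    states, answered = audit(host, [open_port, closed_port])
    print(host, states, "answered:", answered)
    srv.close()
```

Pointed at your own machine's global IPv6 address from a connection outside your network, ports that come back "filtered" are being dropped before they reach the host, while "closed" means the host itself answered.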