this post was submitted on 08 Jun 2024
479 points (97.4% liked)

[–] kungen@feddit.nu 1 points 5 months ago (1 children)

I also like the privacy extensions, but how often does your prefix even change? Most places I've seen you get a /64 announced and it basically never changes -- so somewhat elementary to "break through" that regardless.

[–] Melody@lemmy.one 2 points 5 months ago

I have a /48 that I can basically roll through.

A /64 is more than enough, though, to prevent most casual attempts at entry, and does force more work / enumeration to be done to break into a network and do damage. I'm not saying the privacy extensions are the greatest, but they do work to slightly increase the difficulty of tracking and exploitation.

With a /48 or even a /56, I can subdivide things and hand out several /64s to each device too, which would shake up things if tracking expects a /64 explicitly.

I actually use /55s to cordon off blocks inside the /48 that aren't used too. So dialing a random prefix won't help. You'd be surprised how often I get intrusive portsweeps trying to enumerate my /64s this way... and it doesn't work because I'm not subnetting on any standard behavior.
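
An added example, not code from either commenter: a small Python sketch of the layout described above, a /48 carved into /55 blocks with most of them left unused, plus a check that flags sources probing several cordoned /64s. The prefix `2001:db8:abcd::/48`, the choice of active blocks, the `key=value` log format and the threshold are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed values: a documentation prefix stands in for the delegated /48.
SITE = ipaddress.ip_network("2001:db8:abcd::/48")
BLOCKS = list(SITE.subnets(new_prefix=55))  # 128 blocks, 512 /64s in each
# Hypothetical plan: only these /55 blocks hold live /64s, the rest are cordoned.
ACTIVE_BLOCKS = {BLOCKS[3], BLOCKS[77]}     # abcd:600::/55 and abcd:9a00::/55

def classify(dst: str) -> str:
    """Return 'active', 'cordoned' or 'external' for a probed destination."""
    addr = ipaddress.ip_address(dst)
    if addr not in SITE:
        return "external"
    block = ipaddress.ip_network(f"{addr}/55", strict=False)
    return "active" if block in ACTIVE_BLOCKS else "cordoned"

def sweep_sources(log_lines, min_dark_prefixes=3):
    """Map each source to the number of distinct cordoned /64s it probed,
    keeping only sources at or above the threshold."""
    dark = defaultdict(set)
    for line in log_lines:
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        if "SRC" not in fields or "DST" not in fields:
            continue
        if classify(fields["DST"]) == "cordoned":
            dst64 = ipaddress.ip_network(f"{fields['DST']}/64", strict=False)
            dark[fields["SRC"]].add(dst64)
    return {s: len(n) for s, n in dark.items() if len(n) >= min_dark_prefixes}

# Constructed firewall log lines (format is an assumption, not a real capture).
SAMPLE_LOG = [
    "IN=wan SRC=2001:db8:ffff::10 DST=2001:db8:abcd::1 DPT=22",
    "IN=wan SRC=2001:db8:ffff::10 DST=2001:db8:abcd:1::1 DPT=22",
    "IN=wan SRC=2001:db8:ffff::10 DST=2001:db8:abcd:2::1 DPT=22",
    "IN=wan SRC=2001:db8:ffff::10 DST=2001:db8:abcd:600::1 DPT=22",
    "IN=wan SRC=2001:db8:eeee::5 DST=2001:db8:abcd:9a10::80 DPT=443",
    "IN=wan SRC=2001:db8:eeee::5 DST=2001:db8:abcd:100::1 DPT=443",
]

if __name__ == "__main__":
    print(sweep_sources(SAMPLE_LOG))
```

Traffic to a cordoned block has no legitimate destination, so any hit there is a cheap, low-noise signal that someone is walking the prefix.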