this post was submitted on 16 Aug 2024
691 points (98.9% liked)

Technology

60129 readers
2752 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
 

archive

If you have the August 13, 2024—KB5041580 update. You're good.

you are viewing a single comment's thread
view the rest of the comments
[–] pivot_root@lemmy.world 10 points 4 months ago* (last edited 4 months ago) (17 children)

IPv6 has two main types of non-broadcast addresses to think about: link-local (fe80::) and public.

A device can self-assign a link-local address, but it only provides direct access to other devices connected to the same physical network. This would be used for peer discovery, such as asking every device if they are capable of acting as a router.

Once it finds the router, there are two ways it can get an IP address that can reach the wider internet: SLAAC and DHCPv6. SLAAC involves the device picking its own unique address from the block of addresses the router advertises itself as owning, which is likely what you're concerned about. One option for ensuring a device can't just pick a different address and pretend to be a new device is by giving it a subset of the router's full public address space to work with, so no matter what address it picks, it always picks something within a range exclusively assigned to it.

Edit: I butchered the explanation by tying to simplify it. Rewrote it to try again.

[–] r00ty@kbin.life 6 points 4 months ago (15 children)

In most cases, the router advertises the prefix, and the devices choose their own IPv6. Unless you run DHCPv6 (which really no-one does in reality, I don't even think android will use it if present).

It doesn't allow firewall bypass though, as the other commenter noted.

[–] yournamehere@lemm.ee 2 points 4 months ago (2 children)

ok. thank you. stuff like this just made me wonder: https://en.avm.de/service/knowledge-base/dok/FRITZ-Box-7590/573_Configuring-IPv6-in-the-FRITZ-Box/

for linux etc they suggest du enable dhcpv6 and i cant figure out where they adress this in their firewalls. still learning.

[–] r00ty@kbin.life 3 points 4 months ago (1 children)

Best thing to do to test the firewall is run some kind of server and try to connect to your ipv6 on that port.

Like I've said in other posts, routers really should block incoming connections by default. But it's not always the case that they do.

[–] yournamehere@lemm.ee 1 points 4 months ago
load more comments (12 replies)
load more comments (13 replies)