this post was submitted on 16 Aug 2024
691 points (98.9% liked)

Technology

72356 readers
3021 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
691
All Windows users should immediately update their computers. An exploit rated 9.8/10 (CVE-2024-38063) compromises all devices running Windows with an IPv6 address. (msrc.microsoft.com)
submitted 10 months ago* (last edited 10 months ago) by hal_5700X@sh.itjust.works to c/technology@lemmy.world
204 comments fedilink hide all child comments
 

archive

If you have the August 13, 2024—KB5041580 update. You're good.

you are viewing a single comment's thread
view the rest of the comments
[–] pivot_root@lemmy.world 10 points 10 months ago* (last edited 10 months ago) (17 children)

IPv6 has two main types of non-broadcast addresses to think about: link-local (fe80::) and public.

A device can self-assign a link-local address, but it only provides direct access to other devices connected to the same physical network. This would be used for peer discovery, such as asking every device if they are capable of acting as a router.

Once it finds the router, there are two ways it can get an IP address that can reach the wider internet: SLAAC and DHCPv6. SLAAC involves the device picking its own unique address from the block of addresses the router advertises itself as owning, which is likely what you're concerned about. One option for ensuring a device can't just pick a different address and pretend to be a new device is by giving it a subset of the router's full public address space to work with, so no matter what address it picks, it always picks something within a range exclusively assigned to it.

Edit: I butchered the explanation by tying to simplify it. Rewrote it to try again.

[–] r00ty@kbin.life 6 points 10 months ago (15 children)

In most cases, the router advertises the prefix, and the devices choose their own IPv6. Unless you run DHCPv6 (which really no-one does in reality, I don't even think android will use it if present).

It doesn't allow firewall bypass though, as the other commenter noted.

[–] yournamehere@lemm.ee 2 points 10 months ago (2 children)

ok. thank you. stuff like this just made me wonder: https://en.avm.de/service/knowledge-base/dok/FRITZ-Box-7590/573_Configuring-IPv6-in-the-FRITZ-Box/

for linux etc they suggest du enable dhcpv6 and i cant figure out where they adress this in their firewalls. still learning.

[–] r00ty@kbin.life 3 points 10 months ago (1 children)

Best thing to do to test the firewall is run some kind of server and try to connect to your ipv6 on that port.

Like I've said in other posts, routers really should block incoming connections by default. But it's not always the case that they do.

[–] yournamehere@lemm.ee 1 points 10 months ago

thanks.

load more comments (12 replies)
load more comments (13 replies)