this post was submitted on 16 Aug 2024
691 points (98.9% liked)

Technology

60129 readers
2752 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world
691
All Windows users should immediately update their computers. An exploit rated 9.8/10 (CVE-2024-38063) compromises all devices running Windows with an IPv6 address. (msrc.microsoft.com)
submitted 4 months ago* (last edited 4 months ago) by hal_5700X@sh.itjust.works to c/technology@lemmy.world
207 comments fedilink hide all child comments
 

archive

If you have the August 13, 2024—KB5041580 update. You're good.

you are viewing a single comment's thread
view the rest of the comments
[–] pivot_root@lemmy.world 10 points 4 months ago* (last edited 4 months ago) (17 children)

IPv6 has two main types of non-broadcast addresses to think about: link-local (fe80::) and public.

A device can self-assign a link-local address, but it only provides direct access to other devices connected to the same physical network. This would be used for peer discovery, such as asking every device if they are capable of acting as a router.

Once it finds the router, there are two ways it can get an IP address that can reach the wider internet: SLAAC and DHCPv6. SLAAC involves the device picking its own unique address from the block of addresses the router advertises itself as owning, which is likely what you're concerned about. One option for ensuring a device can't just pick a different address and pretend to be a new device is by giving it a subset of the router's full public address space to work with, so no matter what address it picks, it always picks something within a range exclusively assigned to it.

Edit: I butchered the explanation by tying to simplify it. Rewrote it to try again.

[–] r00ty@kbin.life 6 points 4 months ago (15 children)

In most cases, the router advertises the prefix, and the devices choose their own IPv6. Unless you run DHCPv6 (which really no-one does in reality, I don't even think android will use it if present).

It doesn't allow firewall bypass though, as the other commenter noted.

[–] Blaster_M@lemmy.world 3 points 4 months ago* (last edited 4 months ago) (1 children)

DHCPv6 is very much in use with large ISPs. SLAAC only lets you get a single /64 (one network) from the ISP, but if you use DHCPv6, which is also provided ISP side, you can often request a /60 to get you 16 networks to use. Also, DHCPv6 doesn't base the IPv6 address off the MAC address like SLAAC does, so it is better for device privacy.

Why Android does not support DHCPv6 is beyond me. It's honestly quite ridiculous as it makes configuring LAN-side DNS and other things a lot easier.

[–] r00ty@kbin.life 4 points 4 months ago

Dhcpv6-pd is used by isps for prefix delegation, which most routers support now (not so when my isp first started with it).

But for advertising prefixes on a lan most networks use router adverts.

They're different use cases though.

load more comments (13 replies)
load more comments (14 replies)