IPV6

GenitronicsGenitronics Member Posts: 1
Dear Fing friends,
I'll post this IPV6 issue I encountered. 
IPV6 seems to allow passthrough the firewall if activated on your router.Ther where before you had to configure a NAT (IPV4) translation based on a dedicated or chosen port for your devices on the LAN.
With IPV6 it seems the router let communication pass even if no NAT translation is configured in the firewall of the router.To us this a risk for all CCTV, Alarm, IoT, NAS and remote accessible devices. IPV6 should only be used by the internet providers and turned off in your router and all clients on the LAN.
It seems that windows tunrs on IPV6 after updates, so checking those settings on all NICS is needed.
From what I red IPV6 contains in a header off each communication packet the needed information to reach its IPV6 end point if IPV6 on that device is active.
UPNP and P2P are also high risks, for us most safe so far is IPV4 with NAT translation.
[email protected] if people not agree on this analyse. 


Tagged:

Comments

  • PerolinPerolin Member Posts: 2
    First Comment

    Excuse me, but first read up on IPv6 and understand the new concepts. That it doesn't need NAT anymore is one of the big advantages of IPv6!


    By the way: there are hardly any iot devices that are ready for IPv6

  • ProTecKProTecK Member Posts: 52
    10 Comments 5 Agrees First Answer Name Dropper
    ✭✭
    Yeah, your ip6 understanding is way off. 
    The entire concept is based on end to end communication. Using end to end addressing.  
    There are ip6 firewall settings for devices (routers, firewalls, etc) that support it. 
    Doesn't matter how many times windows turned on ip6 if its disabled on your router.
    I'm fine with leaving this info here for everybody to learn from and have no interest in emailing you.


  • KyleTseKyleTse Member Posts: 1
    Photogenic First Comment
    I dont know if it is the trend of ipv4 to ipv6, however, my devices seems got the same problem as Genitronics mentioned. 
    As my ISP doesnt have the ipv6 services, and there is no reason why everything once connected to the router, it will be given at least 3 ipv6 address. And my camera is seems under someone's control coz I saw it was turning the camera angle one night, and it turned back after I noticed it. Moreover, all the loT devices is in the remote status, shouldnt it be local instead? So I think we should look deeper and see is there any security problems when applying ipv6 on the internet or intranet. 
  • TudorTudor Member Posts: 1
    First Comment
    The better routers have IPv6 firewall since long ago. E.g. (now) cheap Asus routers flashed with AsusWRT Merlin or John's fork have it. You could buy such an used router and employ it.
  • RainCasterRainCaster My deskMember, Beta Tester Posts: 43
    10 Comments 5 Agrees 5 Awesomes First Answer
    ✭✭
    If there is any segment between you and the Internet that is not IPv6, then you are stuck in IPv4 land. That means your ISP, too.
  • W_T_FW_T_F On EarthMember Posts: 34
    10 Comments 5 Likes Name Dropper Photogenic

    I'm curious about IPv6 also because my Fingbox V2 keeps telling me to disable IPv6 in order to block a few devices. I am not tech savvy and don't know what to choose if I do. If anyone wants to assist and need more info just let me know and I can add a screenshot of my choices. I'll be searching for the answer around here somewhere but I never have any luck. 🤷‍♀️

  • RobinRobin Administrator Posts: 2,388
    100 Answers 1000 Comments 250 Likes 25 Agrees
    admin
    W_T_F said:

    I'm curious about IPv6 also because my Fingbox V2 keeps telling me to disable IPv6 in order to block a few devices. I am not tech savvy and don't know what to choose if I do. If anyone wants to assist and need more info just let me know and I can add a screenshot of my choices. I'll be searching for the answer around here somewhere but I never have any luck. 🤷‍♀️

    he following Fingbox features are compatible with networks that use either IPv4 or IPv6 or both:

    • Digital Presence
    • Intruder and hacker alerts
    • Vulnerability and threat detection
    • Network and device alerts
    • Wi-Fi speed tests
    • ISP Ranking
    • Digital Fence

    Due to technical differences between the IPv4 and IPv6 protocols the following features may provide unexpected results in networks where IPv6 and IPv4 are both enabled. They will not function in networks that are solely IPv6:

    • Internet blocking & pausing
    • Bandwidth analysis

    The majority of modem routers can use either IPv4 or IPv6. We recommend disabling IPv6 on your internal network in order to fully utilize all the features of your Fingbox. Please consult your routers user guide for information on how to do this on your network.

    Robin (Admin at Fing)
    Getting Started? Please refer to Community guidelines & Community User Guides("Helping Hand"). HAPPY POSTING!!!
  • PerolinPerolin Member Posts: 2
    First Comment

    There are also good reasons why horse carriages are better than cars. It is a question of the point of view and whether one is open to the next step. 

    NAT is and remains a crutch, as a one-legged person you just got used to it because there was nothing better.

Sign In or Register to comment.