Welcome to the community! Read our posting tips, and learn how to earn ranks, levels and badges to get started.
Ask any devices or smart home question in the Devices/Security or Network Troubleshooting Categories.
Happy posting!
Ask any devices or smart home question in the Devices/Security or Network Troubleshooting Categories.
Happy posting!
IPV6
Genitronics
Member Posts: 3
Dear Fing friends,
I'll post this IPV6 issue I encountered.
IPV6 seems to allow passthrough the firewall if activated on your router.Ther where before you had to configure a NAT (IPV4) translation based on a dedicated or chosen port for your devices on the LAN.
With IPV6 it seems the router let communication pass even if no NAT translation is configured in the firewall of the router.To us this a risk for all CCTV, Alarm, IoT, NAS and remote accessible devices. IPV6 should only be used by the internet providers and turned off in your router and all clients on the LAN.
It seems that windows tunrs on IPV6 after updates, so checking those settings on all NICS is needed.
From what I red IPV6 contains in a header off each communication packet the needed information to reach its IPV6 end point if IPV6 on that device is active.
UPNP and P2P are also high risks, for us most safe so far is IPV4 with NAT translation.
[email protected] if people not agree on this analyse.
I'll post this IPV6 issue I encountered.
IPV6 seems to allow passthrough the firewall if activated on your router.Ther where before you had to configure a NAT (IPV4) translation based on a dedicated or chosen port for your devices on the LAN.
With IPV6 it seems the router let communication pass even if no NAT translation is configured in the firewall of the router.To us this a risk for all CCTV, Alarm, IoT, NAS and remote accessible devices. IPV6 should only be used by the internet providers and turned off in your router and all clients on the LAN.
It seems that windows tunrs on IPV6 after updates, so checking those settings on all NICS is needed.
From what I red IPV6 contains in a header off each communication packet the needed information to reach its IPV6 end point if IPV6 on that device is active.
UPNP and P2P are also high risks, for us most safe so far is IPV4 with NAT translation.
[email protected] if people not agree on this analyse.
Tagged:
0
Comments
Excuse me, but first read up on IPv6 and understand the new concepts. That it doesn't need NAT anymore is one of the big advantages of IPv6!
By the way: there are hardly any iot devices that are ready for IPv6
The entire concept is based on end to end communication. Using end to end addressing.
There are ip6 firewall settings for devices (routers, firewalls, etc) that support it.
Doesn't matter how many times windows turned on ip6 if its disabled on your router.
I'm fine with leaving this info here for everybody to learn from and have no interest in emailing you.
As my ISP doesnt have the ipv6 services, and there is no reason why everything once connected to the router, it will be given at least 3 ipv6 address. And my camera is seems under someone's control coz I saw it was turning the camera angle one night, and it turned back after I noticed it. Moreover, all the loT devices is in the remote status, shouldnt it be local instead? So I think we should look deeper and see is there any security problems when applying ipv6 on the internet or intranet.
I'm curious about IPv6 also because my Fingbox V2 keeps telling me to disable IPv6 in order to block a few devices. I am not tech savvy and don't know what to choose if I do. If anyone wants to assist and need more info just let me know and I can add a screenshot of my choices. I'll be searching for the answer around here somewhere but I never have any luck. 🤷♀️
he following Fingbox features are compatible with networks that use either IPv4 or IPv6 or both:
Due to technical differences between the IPv4 and IPv6 protocols the following features may provide unexpected results in networks where IPv6 and IPv4 are both enabled. They will not function in networks that are solely IPv6:
The majority of modem routers can use either IPv4 or IPv6. We recommend disabling IPv6 on your internal network in order to fully utilize all the features of your Fingbox. Please consult your routers user guide for information on how to do this on your network.
Getting Started? Please refer to Community guidelines & Community User Guides("Helping Hand"). HAPPY POSTING!!!
There are also good reasons why horse carriages are better than cars. It is a question of the point of view and whether one is open to the next step.
NAT is and remains a crutch, as a one-legged person you just got used to it because there was nothing better.
IPV6 as provided today is not secure on you local network.
To explain to non technical people, you can leave your frontdoor from your house open so nobody needs to use the key to open it.
It makes it easy, but not sure you will enjoy someone in your house that was not invited
Only actual advantage of IPV6 is that internet providers have more IP addresses than before.
The end to end communication allowed by IPV6 is a treat.
And yes as some people suggested after our post, you don't need IPV6 on your LAN turn it off in the router and on all local devices.
@Genitronics you are flat out wrong. I was going to say misinformed, but that would require you to actually do some research into the subject. This info your passing off is probably just something you heard somebody else- who did no research- say and your just repeating it.
Your idea that the only advantage is adding more IP addresses shows how limited your grasp of networking is as a whole. Posting on a subject where you don't even have a basic grasp on the concept isn't helping anybody. You haven't even gone as far as a Google search for the ip6 benefits over ip4.
I'm not going to explain it to you here, do your own research. I doubt you will bother. People have corrected you from your original post in this thread, and it doesn't look like a single bit of that was processed, because your still way off track.
There are just as effective ways of controlling io6 traffic as ip4. Anything can be blocked or allowed to pass and it's a much more effective transport protocol with added security.
I’m sure I’m not the only person using Xfinity’s “Xfi” router/modem so if anyone else has figured out how to disable IPV6, please post. I have IPV4 set on the highest security but IPV6 options are either disable the entire firewall or block certain ports. I’d like to do SOMETHING so my Fingbox will stop scolding me when I try to block an unknown intrusive device. It easily gets through anyway, in spite of Fingbox.
But they don't want to explain... which is the meaning of this kind of forum I thought.
So people believe who you want...
"im not going to explain it to you here, do your own research. I doubt you will bother. People have corrected you from your original post in this thread, and it doesn't look like a single bit of that was processed, because your still way off track."
Proteck be more specific who corrected what...