The desire to disable IPv6 (which has been around for quite some time)

terryrwalkerterryrwalker Posts: 4Member
First Comment
edited September 2019 in Fingbox
Disabling it in the router is fine but when is Fing going to take this on and handle it in the tool?
Tagged:

Answers

  • PoohPooh Posts: 675Member, Beta Tester
    500 Likes 500 Comments 25 Answers 100 Agrees
    ✭✭✭✭✭
    edited September 2019
    Disabling it in the router is fine but when is Fing going to take this on and handle it in the tool?
    How? If the router is also handing out IPv6 addresses by DHCP then each target will accept that. How is the Fingbox meant to stop this?

    You say this ability has been around for some time - care the provide some citations for this as I'd be interested to see how this could be achieved.

    As far as I'm aware, there's 3 ways to disable IPv6:
    1- On the Router\Switch
    2- In the Middle (which would involve the FingBox being placed between the router\switch and everywhere else and then have to become a Wireless AP
    3-On the clients.

    Have I missed a method?
    People say nothing is impossible, but I do nothing every day.
    kltaylor
  • terryrwalkerterryrwalker Posts: 4Member
    First Comment
    My question was meant to address the ability to block a device from my network.  Right now I would have to disable IPv6 on my router to fully block a device since it may be using IPv6 as well as IPv4 when connecting.  I was told when I first got my fing box that they were working on blocking both IP formats.
  • PoohPooh Posts: 675Member, Beta Tester
    500 Likes 500 Comments 25 Answers 100 Agrees
    ✭✭✭✭✭
    @terryrwalker - I'm unsure if there's a way around this as IPv6 uses cryptographically secured conversations. SEND uses a Public\Private keypair to establish trust that both parties in a conversation are indeed who they say you are; in other words this establishes that your router and only your router can advertise it's the gateway. If someone popped up claiming to be someone else (ala the Fingbox) and attempt to direct packets to it (ARP poisoning) then the client would reject the request.

    Fingbox works because of an exploitable weakness - a home consumer environment doesn't need IPv6 to work - there's simply not enough devices to go around to warrant that.

    SEND was designed from the top down to address these exploitable weaknesses.
    People say nothing is impossible, but I do nothing every day.
    kltaylorHronos
  • kltaylorkltaylor Posts: 760Moderator, Beta Tester
    500 Likes 500 Comments 25 Answers 100 Agrees
    ✭✭✭✭✭
    Pooh said:
    Disabling it in the router is fine but when is Fing going to take this on and handle it in the tool?
    How? If the router is also handing out IPv6 addresses by DHCP then each target will accept that. How is the Fingbox meant to stop this?

    You say this ability has been around for some time - care the provide some citations for this as I'd be interested to see how this could be achieved.

    As far as I'm aware, there's 3 ways to disable IPv6:
    1- On the Router\Switch
    2- In the Middle (which would involve the FingBox being placed between the router\switch and everywhere else and then have to become a Wireless AP
    3-On the clients.

    Have I missed a method?
    No, you haven't missed a method, those are the three ways to disable IPv6.
    I'm not sure why this question is relevant?  I understand the option to disable IPv6, I do it on my own networks.  The fact is though, IPv6 will eventually be the primary means to assign an address to a device.
    "There's a fine line between audacity and idiocy."
    -Warden Anastasia Luccio, Captain
  • kltaylorkltaylor Posts: 760Moderator, Beta Tester
    500 Likes 500 Comments 25 Answers 100 Agrees
    ✭✭✭✭✭
    My question was meant to address the ability to block a device from my network.  Right now I would have to disable IPv6 on my router to fully block a device since it may be using IPv6 as well as IPv4 when connecting.  I was told when I first got my fing box that they were working on blocking both IP formats.
    The best way to fully block a device isn't by IPv6, but instead, use the MAC address.  Unless the MAC address is being spoofed, that will be the physical hardware address of the adapter.
    "There's a fine line between audacity and idiocy."
    -Warden Anastasia Luccio, Captain
  • MarcMarc Posts: 724Moderator, Beta Tester
    500 Likes 50 Answers 500 Comments 100 Agrees
    ✭✭✭✭✭
    Guys, I think he's asking when Fingbox will support a method to block devices on IPv6 like they do on ipv4.  It's a valid question and you've given the current answer.  In the end, at some point IPv6 will become more relevant, especially considering its enhanced security etc and its a legitimate request that security products be supported on it.   So maybe this question is probably best answerable by Fing?  Hey @Gidster or @VioletChepil can you give away anything on your plans or is this still a wait and see or is this a never?

    Thats Daphnee, she's a good dog...
    Hronos
  • kltaylorkltaylor Posts: 760Moderator, Beta Tester
    500 Likes 500 Comments 25 Answers 100 Agrees
    ✭✭✭✭✭
    I guess my question on that though @Marc is what someone is trying to achieve by blocking an IP address?  Unless the device is set as a static IP on a network, the IoT or any other device will simply request to obtain a new IP from the DHCP pool.
    The most logical and complete way to block a device from ever obtaining an IP address would be to block it at the MAC address level.  Therefore denying it the right to request a new IP.
    "There's a fine line between audacity and idiocy."
    -Warden Anastasia Luccio, Captain
    Marc
  • terryrwalkerterryrwalker Posts: 4Member
    First Comment
    Marc, you are correct.  I simply want to block a device off my network from Fingbox.  
    kltaylor
  • MarcMarc Posts: 724Moderator, Beta Tester
    500 Likes 50 Answers 500 Comments 100 Agrees
    ✭✭✭✭✭

    @terryrwalker replied. He’s trying to block an ipv6 device via Fingbox like he can with an ipv4. Simple request, not such a simple answer. 😉

    Thats Daphnee, she's a good dog...
    kltaylor
  • GidsterGidster London, UKPosts: 224Member
    100 Likes 100 Comments 25 Awesomes 25 Agrees
    ✭✭✭
    @terryrwalker why not head to the feature request section and give this on an upvote!
    https://community.fing.com/discussion/146/ipv6
    Head of Product at Fing
    kltaylor
Sign In or Register to comment.