Reply to post: Re: IPv6 consumer devices are a dumpster fire

It's begun: 'First' IPv6 denial-of-service attack puts IT bods on notice


Re: IPv6 consumer devices are a dumpster fire

Or not so much. I know it's popular to rag on IoT stuff, but let's actually think about it for a moment. Let's imagine someone who buys a network camera, and who then configures their network so the camera is accessible from the internet so that they can look at it from work (because why else buy a network camera?).

On v4, the camera is found by scanners within a few hours, because the v4 space is tiny and easy to exhaustively scan. On v6? Not so much. You could spend a million times the effort scanning v6 and not even scratch a single /64, let alone all of the rest of the /64s. The camera is relatively unlikely to be found, and thus relatively unlikely to be exploited. This is still the case even if someone completely shuts down their firewall (which I suspect isn't really going to be the most common configuration).

Now, it's true that security by obscurity isn't security and there are various ways to narrow down the search space, but nevertheless if you make it much harder to find your IoT devices it's going to make it correspondingly hard to do anything to them. If anything, v6 seems like it should make the situation better rather than worse.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019