We don't talk about IPv5
-
This post did not contain any content.
I know it's a joke, but the idea that NAT has any business existing makes me angry. It's a hack that causes real headaches for network admins and protocol design. The effects are mostly hidden from end users because those two groups have twisted things in knots to make sure end users don't notice too much. The Internet is more centralized and controlled because of it.
No, it is not a security feature. That's a laughable claim that shows you shouldn't be allowed near a firewall.
Fortunately, Google reports that IPv6 adoption is close to cracking 50%.
-
This post did not contain any content.
I wrote and ipv6 parser once.
Never again.
-
I know it's a joke, but the idea that NAT has any business existing makes me angry. It's a hack that causes real headaches for network admins and protocol design. The effects are mostly hidden from end users because those two groups have twisted things in knots to make sure end users don't notice too much. The Internet is more centralized and controlled because of it.
No, it is not a security feature. That's a laughable claim that shows you shouldn't be allowed near a firewall.
Fortunately, Google reports that IPv6 adoption is close to cracking 50%.
Fine, I won't invite you to our bi-annual TURN server appreciation event.
-
I use IPv6 every day and everywhere I can. It solves so many issues in large corporate and ISP network setups. And yes 10. Wasn’t big enough, and NATing is a PitA.
Honestly we just keep pushing it off when it’s not that bad. Workaround after workaround just because people are lazy.
I agree with everything you said but it still doesn't make me hate ipv6 less.
-
This post did not contain any content.
https://en.m.wikipedia.org/wiki/Internet_Stream_Protocol
In case anyone wants to know what not to talk about.
-
I know it's a joke, but the idea that NAT has any business existing makes me angry. It's a hack that causes real headaches for network admins and protocol design. The effects are mostly hidden from end users because those two groups have twisted things in knots to make sure end users don't notice too much. The Internet is more centralized and controlled because of it.
No, it is not a security feature. That's a laughable claim that shows you shouldn't be allowed near a firewall.
Fortunately, Google reports that IPv6 adoption is close to cracking 50%.
We use NAT all the time in industrial settings. Makes it so you can have select devices communicate with the plant level network, while keeping everything else common so that downtime is reduced when equipment inevitably fails.
-
I know it's a joke, but the idea that NAT has any business existing makes me angry. It's a hack that causes real headaches for network admins and protocol design. The effects are mostly hidden from end users because those two groups have twisted things in knots to make sure end users don't notice too much. The Internet is more centralized and controlled because of it.
No, it is not a security feature. That's a laughable claim that shows you shouldn't be allowed near a firewall.
Fortunately, Google reports that IPv6 adoption is close to cracking 50%.
I think NAT is one reason why the internet is so centralized. If everyone had a static IP you could do all sorts of decentralized cool stuff.
-
We use NAT all the time in industrial settings. Makes it so you can have select devices communicate with the plant level network, while keeping everything else common so that downtime is reduced when equipment inevitably fails.
That's nothing that can't be done with a good set of firewalls on IPv6.
-
I think NAT is one reason why the internet is so centralized. If everyone had a static IP you could do all sorts of decentralized cool stuff.
Right, not the only reason, but it's a sticking point.
You shouldn't need to connect to your smart thermostat by using the company's servers as an intermediary. That makes the whole thing slower, less reliable, and a point for the company to sell your personal data (that last one being the ultimate reason why it's done this way).
-
I know it's a joke, but the idea that NAT has any business existing makes me angry. It's a hack that causes real headaches for network admins and protocol design. The effects are mostly hidden from end users because those two groups have twisted things in knots to make sure end users don't notice too much. The Internet is more centralized and controlled because of it.
No, it is not a security feature. That's a laughable claim that shows you shouldn't be allowed near a firewall.
Fortunately, Google reports that IPv6 adoption is close to cracking 50%.
You are right, but I wish ipv6 was less shitty of a replacement.
-
In my personal life I will probably "never" intentionally use ipv6.
But it is a DAMNED good sniff test to figure out if an IT/NT team is too dumb to live BEFORE they break your entire infrastructure. If they insist that the single most important thing is to turn it off on every machine? They better have a real good reason other than "it's hard"
It’s vulnerable af. And I mean really, it’s as bad as Netscalers or Fortigate shit. Like https://www.bleepingcomputer.com/news/security/hackers-abuse-ipv6-networking-feature-to-hijack-software-updates/ or https://www.bleepingcomputer.com/news/security/hackers-abuse-ipv6-networking-feature-to-hijack-software-updates/
Problem is, yes it’s hard to implement but it’s even a lot harder to get it properly secured. Especially because few people are using it, and not securing it is worse than disabling it.
-
You are right, but I wish ipv6 was less shitty of a replacement.
There is something there, but mostly I think existing net admins try to map their existing IPv4 knowledge onto IPv6. That doesn't work very well. It needs to be treated as its own thing.
-
It’s vulnerable af. And I mean really, it’s as bad as Netscalers or Fortigate shit. Like https://www.bleepingcomputer.com/news/security/hackers-abuse-ipv6-networking-feature-to-hijack-software-updates/ or https://www.bleepingcomputer.com/news/security/hackers-abuse-ipv6-networking-feature-to-hijack-software-updates/
Problem is, yes it’s hard to implement but it’s even a lot harder to get it properly secured. Especially because few people are using it, and not securing it is worse than disabling it.
And I would consider a detailed argument on why it is more secure to disable it to be a good reason.
Personally? I consider an IT team who don't know how to secure an ipv6 enabled network to not be competent. But that is a different conversation.
-
This post did not contain any content.
I know its a joke but man its annoying to go from something that is organized in a human readable way to one where you have to rely on the system. I am someone who hates databases though so I have always been like this. Heck way back in the aughts I used to complain that my job involved more seeing and issues and fixing it and the systems were getting to were I feel more like im counseling it.
-
And I would consider a detailed argument on why it is more secure to disable it to be a good reason.
Personally? I consider an IT team who don't know how to secure an ipv6 enabled network to not be competent. But that is a different conversation.
Yeah, I run dual stack without much trouble myself. I believe it is mainly difficult for people because eyeball diagnostics are impossible with 6.
-
This post did not contain any content.
C’mon, IPv4 has so many problems. Sure, let’s reserve a whole /8 for a single loopback address, that’s efficient.
-
This post did not contain any content.
CGNATs suck ass though, I had to buy a vps just to access my own network outside my home.
-
It’s vulnerable af. And I mean really, it’s as bad as Netscalers or Fortigate shit. Like https://www.bleepingcomputer.com/news/security/hackers-abuse-ipv6-networking-feature-to-hijack-software-updates/ or https://www.bleepingcomputer.com/news/security/hackers-abuse-ipv6-networking-feature-to-hijack-software-updates/
Problem is, yes it’s hard to implement but it’s even a lot harder to get it properly secured. Especially because few people are using it, and not securing it is worse than disabling it.
Just a heads up, you linked to the same article twice
-
In my personal life I will probably "never" intentionally use ipv6.
But it is a DAMNED good sniff test to figure out if an IT/NT team is too dumb to live BEFORE they break your entire infrastructure. If they insist that the single most important thing is to turn it off on every machine? They better have a real good reason other than "it's hard"
Realistically no organization has so many endpoints that they need IPv6 on their internal networks. There's no reason to deal with more complicated addressing schemes except on the public Internet. Only the border devices should be using IPv6.
Hopefully if an organization has remote endpoints which are connecting to the internal network over the Internet, they are doing that through a VPN and can still just be assigned IPv4 addresses on dedicated VLANs when they connect.
-
You are right, but I wish ipv6 was less shitty of a replacement.
I worked with one of the inventors of IPv6 for a bit of time, and I think knowing Carl really gave me an insight into who IPv6 was invented for, and that's the big, big, big networks — peering groups that connect large swaths of the Internet with other nations' municipal or public infrastructure.
These groups are pushing petabytes of data every hour, and as a result, I think it makes their strategists think VERY big picture. From what I've seen, IPv6 addresses very real logistical problems you only see with IPv4 when you're already dealing with it on a galactic scale. So, I personally have no doubt that IPv6 is necessary and that the theory is sound.
However, this fuckin' half-in/half-out state has become the engine of a manifold of security issues, primarily bc nobody but nerds or industry specialists knows that much about it yet. That has led to rushed, busy, or just plain lazy devs and engineers to either keep IPv6 sockets listening, unguarded, or to just block them outright and redirect traffic to IPv4 anyway.
Imo there's not much to be done besides go forward with IPv6. It's there, it's tested, it's basically ready for primetime in terms of NIC chip support... I just wish it weren't so obtuse to learn.
