Mei 
HazelnootImagine the IoT botnets that will appear if IPv6 ever gets adopted as planned 
@hazelnoot wherefore?
luna the doggie 
@hazelnoot not sure how IPv6 helps botnets tbh, you mainly have to change your blocking approach to binning by /64 instead of individual addresses
The E2E connectivity doesn't change much when even the simplest home routers have stateful firewalls for both IPv4 and IPv6
The E2E connectivity doesn't change much when even the simplest home routers have stateful firewalls for both IPv4 and IPv6
@lunareclipse oh, I just meant the whole "every device is exposed to the internet instead of behind a NAT" bit
@hazelnoot again it's not really exposed because it's behind a firewall that won't just allow random inbound connections.
Every single router I've ever seen does the following by default:
- allow all outgoing connections from LAN
- deny all incoming connections to LAN
+ unless it's a response to a connection initiated by a host inside the LAN
+ unless it's on a user-defined list of exceptions
The NAT technically obscures the internal IP sometimes but if you care about that, every desktop OS is now capable of generating randomized IPv6 addresses inside your subnet that are rotated as often as every 12 hours in some cases. So the only "persistent" identifier ends up being your subnet prefix which is as much information as an external IPv4 address
Every single router I've ever seen does the following by default:
- allow all outgoing connections from LAN
- deny all incoming connections to LAN
+ unless it's a response to a connection initiated by a host inside the LAN
+ unless it's on a user-defined list of exceptions
The NAT technically obscures the internal IP sometimes but if you care about that, every desktop OS is now capable of generating randomized IPv6 addresses inside your subnet that are rotated as often as every 12 hours in some cases. So the only "persistent" identifier ends up being your subnet prefix which is as much information as an external IPv4 address
princess pancake 
@hazelnoot @lunareclipse I think if that was the case, attackers would already hole punch their way in