Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
nottorp 21 hours ago

> IPv4 in the home is dead easy

Exactly. I randomly try to "upgrade" to ipv6 in my home once in a while and i always give up because I'd have to do the whole enterprisey setup for no good reason.

Edit:

Basically ipv6 is too complex and automated to hold your home network's whole configuration in your head without effort.

So the techies don't set it up at home unless they have a fetish for overcomplicated setups. They're not familiar with it so they don't push for it at work either.

Adoption is solely driven by ipv4 address space exhaustion. There is no "new toy!" feeling involved.

immibis 20 hours ago | parent [-]

IMO, not having NAT is a "new toy". It allows end-to-end connectivity again. Any peer-to-peer apps work much better on IPv6, and if you're developing one then it's actually possible again.

You could try fd00::1, fd00::2, ... for short internal static addresses. You don't have to use a random prefix in that range - it's just policy (for good reasons that might not matter for a small network).

nottorp 18 hours ago | parent [-]

> Any peer-to-peer apps work much better on IPv6, and if you're developing one then it's actually possible again.

Yeah, and my Windows box is again accessible from the outside with whatever services MS deems to run by default...

Yes, there are firewalls, but isn't it better if a potential attacker doesn't even know what's behind my router?

P.S.: Since webrtc showed up to do whatever it wants with my network, peer to peer has started to mean "donating resources to some company" to me.

Dagger2 17 hours ago | parent [-]

v4 networks commonly only get one IP for the whole network, and people use NAT with port forwarding to make inbound connections work. With this setup, an attacker only needs to scan the 65536 ports on the router to exhaustively enumerate every single publicly accessible server on your entire network, which is about 3 megabytes of traffic and takes approximately no seconds.

On v6, you don't use NAT and networks are /64. Finding every server requires scanning 65536 ports on all 2^64 IPs, which is about 72 billion petabytes of traffic. There are ways to prune this down somewhat, but however you do it the search space is still far larger.

If you want attackers to not know what's behind your router, you want v6.

nottorp 9 hours ago | parent [-]

> to exhaustively enumerate every single publicly accessible server on your entire network

Enterprise thinking. It's not the publicly accessible servers i worry about, it's the other boxes that shouldn't be publicly accessible...