But it is a DAMNED good sniff test to figure out if an IT/NT team is too dumb to live BEFORE they break your entire infrastructure. If they insist that the single most important thing is to turn it off on every machine? They better have a real good reason other than "it's hard"

[–] nightwatch_admin@feddit.nl 17 points 2 days ago (11 children)

It’s vulnerable af. And I mean really, it’s as bad as Netscalers or Fortigate shit. Like https://www.bleepingcomputer.com/news/security/hackers-abuse-ipv6-networking-feature-to-hijack-software-updates/ or https://www.bleepingcomputer.com/news/security/hackers-abuse-ipv6-networking-feature-to-hijack-software-updates/

Problem is, yes it’s hard to implement but it’s even a lot harder to get it properly secured. Especially because few people are using it, and not securing it is worse than disabling it.

[–] NuXCOM_90Percent@lemmy.zip 19 points 2 days ago (5 children)

And I would consider a detailed argument on why it is more secure to disable it to be a good reason.

Personally? I consider an IT team who don't know how to secure an ipv6 enabled network to not be competent. But that is a different conversation.

[–] StarlightDust@lemmy.blahaj.zone 1 points 1 day ago (1 children)

It has less eyes on it due to it being less popular. It also introduces an extra vector of attack.

[–] Auli@lemmy.ca 2 points 1 day ago (1 children)

It does not have less eyes on and it's 50% of Google traffic.

[–] jj4211@lemmy.world 2 points 9 hours ago

Think they mean local networks.

If an IT department carefully curates IPv4 but ignores IPv6, then a rogue actor can set up a parallel IPv6 network largely without being noticed.

IPv6 can be managed, just that it is a blindside for a lot of these departments.

load more comments (3 replies)

load more comments (8 replies)

load more comments (12 replies)