this post was submitted on 17 Sep 2025
427 points (98.4% liked)

Programmer Humor

26407 readers
555 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 2 years ago
MODERATORS
Feyter@programming.dev
anzo@programming.dev
BurningTurtle@programming.dev
pylapp@programming.dev
427
Have you been exposed to an IPv6 address at work? (infosec.pub)
submitted 1 day ago by qaz@lemmy.world to c/programmer_humor@programming.dev
34 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Laser@feddit.org 1 points 1 day ago (1 children)

Idk man, NAT makes a lot of sense once you get used to it.

That's a lie, NAT is bullshit, sometimes necessary, but it will never "make sense".

[–] slate@sh.itjust.works 5 points 1 day ago (3 children)

I like that none of my local devices are externally addressable unless an outgoing connection has been established. You can (and should) achieve the same thing with ipv6, but then it's essentially just maintaining a NAT table without the translation piece. I think that makes sense in both protocols.

[–] r00ty@kbin.life 7 points 1 day ago

With IPv6 for most use cases there's actually more security. With privacy extensions (pretty sure it's enabled on windows by default), when you make connections from your device, it uses a "private" IP. That is a randomly chosen address inside your network's prefix, that changes regularly.

These addresses don't accept incoming connections. You have a main address that doesn't really change that you accept connections on. Firewall that for ports you want to allow and then hackers need to port scan 2^64 or 2^80 address space to find your real IPs in your prefix. If they capture your IP from a connection to a web server etc, they won't have luck scanning you.

Again as per my post above, the biggest risk right now is bad default configurations on many home routers.

[–] eager_eagle@lemmy.world 3 points 1 day ago (1 children)

exactly, I also like this peace of mind for my home network and see no benefit in using ipv6 there. Similarly for any VPC I deploy to an IaaS.

[–] unquietwiki@programming.dev 2 points 19 hours ago

I'm actually trying a hybrid approach with some VPCs: use firewalled IPv6 ports for remote management, direct to the VMs; while siphoning off the IPv4 traffic to a basic Linux host with Netfilter rules acting as a NAT router. I keep the benefits of using IPv6, without eating up a bunch of external IPv4 addresses, that I would also have to account for on filtering.

[–] Laser@feddit.org 2 points 1 day ago

I like that none of my local devices are externally addressable unless an outgoing connection has been established.

This can also be achieved using (other) firewall rules.

but then it's essentially just maintaining a NAT table without the translation piece.

So... a firewall?

NAT isn't a security feature and shouldn't be relied on for managing access to hosts.

It also breaks the assumption of IP that connections between hosts are end-to-end, which requires sophisticated solutions so that everything works (more or less).

I too employ NAT to make services accessible over IPv4. But only because it doesn't work otherwise. Not because it "makes sense". I don't use it at all for IPv6.