this post was submitted on 05 Oct 2024
48 points (100.0% liked)
Linux
48664 readers
501 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Huh weird that it would be removed, that's a fair comment.
For Web scraping and other activities by so-called "legitimate" companies to varying degrees, this may be the case. But for general bots, they are generally attempting to scan and probe the entire IPv4 range, since it can be exhaustively checked in a reasonable amount of time and the majority of IPs have hosts on them. Enumerating the entire IPv6 space is quite literally impossible without some external list of hosts known to exist, due to the number of hosts. This happens, but it's a much higher hanging fruit for an attacker so far fewer will bother. So you generally see few to no continuous probes on things like sshd over IPv6 unless you have a domain name. I'm guessing a lot of bots (in botnets) are dumb old technology that doesn't even have IPv6.
NAT was always a hacky workaround. And although it effectively ends up functioning as a firewall under normal usage when combined with a typical "drop invalid incoming packets" rule, it was not designed to be a firewall and shouldn't be assumed to always function as one. A simple accept established, default drop firewall rule should do the trick and should be used on both v4 and v6 regardless of NAT (and probably is on your router already).
If your goal is privacy in the sense of blending in, you can still use NATv6 and this is a good use case for it. This is what VPNs like Mullvad use. If your goal is privacy in the sense of being more difficult to track across sessions, you can enable IPv6 privacy extensions which essentially generates a new IPv6 address for every connection your device makes. So in this sense it's more private than IPv4