Did ipv6 creators were on crack or something? How the fuck should I remember this address if I need it...

Wrong™

You mean as they do today?

A ipv6 internet-facing address behind a ipv4 nat is the proper way of doing things.

Attached: pgq2sqc2g5911.jpg (461x631, 46K)

What's the problem with every device having its own address?
Don't you guys have firewalls?

nothing, nat shitters are stupid and equate nat as some privacy/security issues when it's literally neither.

Nat is a ridiculous contraption which sole purpose is to work around the issue that 4 billon addresses is not nearly enough to serve the internet.

>durr urrr urr durrr *drools* urrr urrr
Op is cream de la crop of Jow Forums

>How the fuck should I remember this address if I need it
DNS and hostnames exist, you fuck. Also, there's no need to remember the network part, just the host part.

This. What the fuck are you guys thinking?

Before:
>scan ip4 range for routers with known exploits
>abuse exploit and tunnel into LAN
>now a trusted member of the subnet
>find nearest printer and print out 1000 copies of dickbutt / epic fail guy

After:
>scan ip6 range for routers with known exploits
>abuse exploit and tunnel into LAN
>now a trusted member of the subnet
>find nearest printer and print out 1000 copies of pepe / boomer meme pics

Attached: twitter.png (1290x433, 640K)

Design by committee is indistinguishable from design by crack inhalation. Just saying.

These

blog.webernetz.net/why-nat-has-nothing-to-do-with-security/

And they all use the same prefix.

>everybody realizes the more people are on the internet the shittier it has gotten
>for some reason the same people want to enable more third world shitters on said network

>scan ipv6 range
>40 billon years later, find vulnerable router
>find nearest printer, print 1000 copies of long lost civilization culture piece

How does that boot taste?

>oh no, I only have 2^64 different permutations I can use

It's about removing dimbfuck niggers such as yourself from the internet, not about making it a technical challenge to provide basic service for everyone involved.

lol

Good luck scanning 128-bit of address space loser

so at worst it's exactly like it is today?

faggot spotted

>All ipv6 allows for is governments to track you easier
How? I do not think you know what you are talking about.

Since host address is 64 bit, it's at least 2^32 times better than it is today.

>increasing the address space so that every stupid fucking IoT device from every stupid manufacturer in every corner of the globe can have their own snowflake public address is going to /remove/ dumbfuck niggers from the internet

Attached: 1351220456955.jpg (672x701, 77K)

Yes you illustrate my point well, by being terminally braindead and completely missing the idea.

>implying mac addresses doesn't already exist

Please enlighten me, o prophet of the coming of ipv6.

It's funny how clapistanis think of ipv6 as something futuristic and new, meanwhile I've had public ipv4 and ipv6 for years.

what the fuck is wrong with a device specific IPv6 address? if we all had unique ipv6 addresses, then we could just buy a domain name, associate all our devices with it and multicast each other's list of devices when people want to place a "phonecall" and not pay for a stupid unique phone number.

Thats hot.

that's not even necessary though. VoIP existed for decades by now and has an addressing scheme similar to e-mail (i.e. [email protected]), which I think makes more sense since not every random person would want to set up his private infrastructure just to make a phone call.

I meant SIP, not VoIP.

>forcing your school to force IT janitors to move printers to private networks effectively raising your own tuition and lowering the quality of your education.

>SIP
SIP is shit and require deep packet inspection/ALGs to circumvent NAT anyway.

implying your isp doesnt keep ipv4 dhcp logs that will be handed over by court order anyway

>dns goes down for one reason or another
>whoops! hope you remember the 128 bit sequence or else you're fucked and cannot access the internet :^)

>not using a backup DNS
In that case you deserve it.

are you not located on earth?? use google dns

How many "backups" do you have? What will you do if they all go down at the same time?

Most of the times, there's a great chunk of a IPv6 adress that is filled with zeros...

>How many "backups" do you have?
Two, including my primary DNS. My ISP's is the primary, followed by my former university's, followed by Google.

>What will you do if they all go down at the same time?
If they all fail, I'm pretty sure nuclear war has broken out.

>Did ipv6 creators were on crack or something? How the fuck should I remember this address if I need it.
is using ipv4 notation any easier? 32.1.13.184.18.52.21.44.18.180.70.120.211.52.9.175 is what that address would be using standard notation.
the advantage with ipv6 notation is you can omit repeating leading 0's, so something like 2001:0000:0000:abcd:1285:0000:0000:ab can be written as 2001::abcd:1285::ab

>>dns goes down for one reason or another

then we got a lot of other problems if pretty much every dns is unreachable.

>found it a funny tweet
>hoping for normal people to laugh at the nerds
>see this
This is so fucked. Who intentionally misunderstands a joke to rag on a popstar that's past her prime. He didn't even make it funny.

Not every, but say all the ones in your country

the article literally says "here are all these features which NAT provides which do in fact the security posture of a network, but here is why I dont like them"...
defense in depth, my dude.
and keeping hosts off public address space means one more layer of defense an attacker has to compromise.
NAT may not be an ideal security device, but it does provide some minimal level of protection.
if there were enough ipv4 addresses to have every home computer on public address space the number of worms getting around would be insane as they infect every granny and grampy that never patch and only have their ISP router to shield them from public address space.
yes, NAT was not designed to be a security technology, but there is an undeniable level of protection it provides for the normies and elderly

You're connected to the Internet. Use a server that's abroad. Also, if all DNS servers in your country goes down at once, I'd say there's something seriously fishy about your country's infrastructure.

You didn't understand the point of the article at all, apparently. NAT is not a substitute for security at ANY level, not even a minimal one. It offers NO protection that a default configured firewall in your gateway router doesn't already provide.

>Administrators feel more secure if their network topology is hidden from the outside. However, an attacker is only able to do harmful activities if he hasaccessto a device in the internal network. If he really wants to enter your network, he will find a way to do so, whether you are using NAT or not, e.g., via social engineering, phising e-mails, or malware at al. In that case he is even able to do network scans from the inside of the network. That is: NAT as a hiding feature is useless if the attacker is able to access any of the internal devices!
I'm all for getting rid of NAT but this is a terrible response.

she got a lot of better tweets like
>every odd number that exists has the letter e in it
>hippos have pink sweat

It's true though. NAT doesn't make your internal devices inaccessible, it only breaks existing protocols. See

>in your gateway router
you mean the device that provides NAT'ing for me?
and yes it does. granny sitting at home with her unpatched windows XP isnt directly accessable from public address space when its NAT'ed. if she were on public address space the computer would be compromised in 24 hours.
there is an undeniable level a security NAT provides, although I agree, it is not a security feature itself

>smart watches with GIGABYTES of memory exist
>waah IP poo poo

IPv6 should last a while. Even if everyone on earth were given a trillion IPv6 address each, there would still be uncountable number of IPv6 addresses left for millions of years.

>NAT doesn't make your internal devices inaccessible
it literally does though unless if the NAT'ed device makes the connection first or you have enabled port forwarding. there is no way a host at 8.8.8.8 can connect to a host at 192.168.0.1 without port forwarding requiring an intermediary IP address such as 97.97.97.97, or having 192.168.0.1 establish the connection, and then its only achieved by a combination of SNAT and DNAT

>it literally does though
It literally doesn't. Cross-site scripting is still one of the most common vulnerabilities, and NAT doesn't do shit to prevent this. From there, plenty of vulnerabilities that open up for remote code injection has been exploited in the past.

You don't need to establish a reverse connection, when you can use an existing outbound connection to manipulate a host into establishing other outbound connections.

Assuming that a computer is inaccessible only when it is unreachable for inbound connections just demonstrates a lack of understanding of how network protocols work, IMO.

not only that, but you can still have upstream firewall/routing in ipv6 anyhow. nat is just a really bad meme.

>not only that, but you can still have upstream firewall/routing in ipv6 anyhow
Yes, indeed. As said previously, NAT offers NO protection beyond what a sensible default configured firewall already does. A firewall can be configured to drop outbound connections as well as inbound ones.

>It literally doesn't. Cross-site scripting is still one of the most common vulnerabilities, and NAT doesn't do shit to prevent this. From there, plenty of vulnerabilities that open up for remote code injection has been exploited in the past.
your right, nat doesnt do shit when the client connects to a malicous host or has the tcp stream mitm'd. but the lack of NAt does nothign for that either.
NAT also doesnt do shit if you download a trojan and install, but its still a moot point.
NAT doesnt do shit in a lot of situations but it does in others.
defense is in depth and NAT is another layer to security.
>Assuming that a computer is inaccessible only when it is unreachable for inbound connections just demonstrates a lack of understanding of how network protocols work
but you would agree that this blocks a large portion of connection attempts?
have you ever managed a server on public address space? you will be scanned and have exploites sent to the machine all day long.
NAT absolutely protects NAT'ed hosts from being directly targeted in this manner

no, it literally doesn't do anything other make your network pointlessly annoying.

>A firewall can be configured to drop outbound connections as well as inbound ones.
i agree, but as user mentioned here: (most) firewalls wont do shit for an xss attack. neither will nat.
and I agree that if you have a properly configured firewall you can have the same level of protection as nat with one simple rule
iptables -A INPUT -m state --state NEW -j DROP

and you would consider this a useful firewall rule, correct?
all i am arguing is that NAT provides a very similar level of proteciton to this single rule for all hosts that are NAT'ed

>but you would agree that this blocks a large portion of connection attempts?
Firewalls drop connection attempts, not NAT. There is literally no "connection attempt" for hosts behind a NAT, because they aren't really connected to the net due to how NAT works.

The firewall is the first line of defence. After this, you have other techniques, such as DMZs etc.

Since NAT violates existing network protocols, and decoupling your LAN devices entirely, NAT only "blocks" connections in the same sense that turning off your network interface does... It's technically correct, but it adds very little.

Yes yes obfuscation is not security. I'm well aware.
But if your response to admins feeling more secure with NAT is to explain that their feeling of security comes from obfuscation (which they explicitly know here) and that there's ways to break that obfuscation. You're not really making a good point.

The argument shouldn't be centered around how sufficient work bypasses this as if nobody understands what obfuscation is. But it was.
If this WERE an effective argument that'd imply that the admins were unaware of how obfuscation isn't security and you've just acted as if they all know. You shouldn't lead with that. The author could probably spot that they and the admin have different values here.
The way to deal with that is a call for reevaluation. The entire article is structured as if these issues aren't intertwined. As if obfuscation is completely useless (and if you've played a CTF with debug symbols include vs without you'd know it's not).

>Firewalls drop connection attempts, not NAT. There is literally no "connection attempt" for hosts behind a NAT, because they aren't really connected to the net due to how NAT work
i agree.
NAT prevents the conneciton from being made to the private host in the first place because the private addresses are publically unroutable.
there is no connection to drop as it can never be established from the outside in the first place

>cant remember the address of alternate dns because it's another 128 bit sequence
cucked again

>But if your response to admins feeling more secure with NAT is to explain that their feeling of security comes from obfuscation (which they explicitly know here) and that there's ways to break that obfuscation. You're not really making a good point.
See The argument that NAT provides security because it makes incoming connections impossible is the same as arguing that disabling your network interface provide the same level of security, IMO.

i agree, a firewall is more powerful than NAT.
but for granny and gramps who dont know how to properly configure a firewall, and the ISP who cant be bothered every time they want to stream Netflix, NAT undoubtedly provides some degree of security for their house that they would be lacking if they were connected directly to public address space without a firewall

>The argument that NAT provides security because it makes incoming connections impossible is the same as arguing that disabling your network interface provide the same level of security, IMO.
maybe it would be more similar to disabling your network interfaces on new, incoming connections and only working when the client opens a connection somewhere.
the end result is that new connections originating from the host can leave, but new connections originating externally will not contact you pc
and this is unarguably a certain level of security

So calling it a security measure is misleading, is the point I'm trying to make. It offers the same security as yanking out the network cable. Sure, you buttfuck your connections, but so does most forms of NAT to be honest.

You're not even responding to me.
Read you dumb bitch. I'm not arguing that NAT is somehow security. It's in the first fucking sentence.

>but for granny and gramps who dont know how to properly configure a firewall, and the ISP who cant be bothered every time they want to stream Netflix
The ISP-issued AP/router/DSL modem I have came with a default configured firewall. So has all the ISP issued equipment I've used for the last 25 years.

The argument that it serves some form of minimal protection is misleading.

>So calling it a security measure is misleading, is the point I'm trying to make
i dont think i every tried calling it a security measure, i made the point:
>there is an undeniable level a security NAT provides, although I agree, it is not a security feature itself
which it looks like you are finally agreeing with me
>The argument that it serves some form of minimal protection is misleading.
no, it is not. it serves the same effective level of protection as a firewall with this single rule enabled: iptables -A INPUT -m state --state NEW -j DROP

>The ISP-issued AP/router/DSL modem I have came with a default configured firewall
good for you

ITT
>OP doesn't know how basic routing works
>Tin foil hats think IPV6 is a government conspiracy
>OP doesn't know how to condense IPV6 with ::
>OP doesn't know about DHCPv6
>Jow Forums thinks NAT and proxies are the same thing
>OP whines about DNS being volatile despite the ridiculous amount of DNS on the internet and IPv6 using Neighbor Discovery internally

>which it looks like you are finally agreeing with me
No, it's not security. It's not protection. It's simply deliberately crippling your connectivity by violating protocol design and calling it a feature.

It's the same as yanking out the network cable and proclaiming that it offers protection against chinese hackers for granny and grandad.

>ITT
More like in the first few posts.

This

>t's the same as yanking out the network cable and proclaiming that it offers protection against chinese hackers for granny and grandad.
well, objectively speaking this is absolutely true
and i dont think granny and gramps are using anything that gets broken by NAT, such as rlogin/rsh, Kerberos, IPsec, ONC RPC/NFS, and i dont think they have hosts that need ip name resolution so we can cross off DNS as well.
yes, if you are a business, then there are much better options than NAT.
but for the standard home user, NAT is the better suited option

>and i dont think granny and gramps are using anything that gets broken by NAT
VoIP (see SIP and ICE/TURN/STUN workarounds) and any form of peer-to-peer video conferencing service, forcing them to use centralized services such as Facebook messenger or Facetime.

For 10 year old billy, any form of UDP connection require the use of UPnP, which in practice means that you weaken any form of protection NAT might have offered by actually punching holes through it for incoming connections. Open ports using time-based sessions that can easily be exploited by chinese hackers.

Unless he lives in the Vatican, Lichtenstein, Monaco and some other ridiculously tiny country, that's literally impossible.

>obscurity is not security
Then post your email addresses and their passwords, dipshits.

>superior tech
>g's argument against is aesthetics

fucking autists

t. someone who doesn't work in networking fields

There are lots of places where IPs are required over DNS. Not that you care since you're a NEET and will never have to deal with this issue or have a job that does.

ok dipshit. then you'd store it in some retrievable store of information. "human rememberability" is literally not an argument.

>forcing them to use centralized services such as Facebook messenger or Facetime.
what do you mean 'forcing' them to use? we are talking about granny and gramps here, they are going to use facebook and facetime by choice for video chatting, they are not going to install software and configure shit themselves
>which in practice means that you weaken any form of protection NAT might have offered
so you admit that NAT does offer some level of protection?
nobody is arguing that there are not better ways to secure a network, but you seem to be arguing that NAT provides zero protection, although you just contradicted yourself here by saying there is some level of protection which is lessened with upnp

>>obscurity is not security
>t-then give me all your private keys, b-baka

Attached: jofsfofos.png (337x309, 143K)

IPV6 has been around for ages now.
Why is this even a point for discussion?

>There are lots of places where IPs are required over DNS
well technically IPs are required 100% of the time.
DNS just resolved a name to an IP, and IPv6 is no different, we had AAAA records for that
and any program which requires an IP and cant handle a host name is only so because it wasnt developed with the ability to resolve host names and there is no reason why that ability could not be added

>2018 and working at a company that expects people to remember ipv4 or ipv6 addresses and doesn't have them recorded in virtual documents accessible to the development team

looks like we found the guy who is a part of a sinking ship

>straight chicks larping as lesbians to get scholarships/internships/aa jobs