What's new

AIProtection and ipv6

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

IsaacFL

Regular Contributor
Does anybody know if the AIprotection works with the ipv6 traffic?

Probably at least 60% of my traffic is ipv6 but when I look in the tab for AiProtection/Two-Way IPS is shows numerous ipv4 events, but never an ipv6 event?

Does this mean it is just not checking ipv6? or just never have ipv6 events?

Using Merlin 384.4.2 but I assume this is baked in Asus.
 
An interesting question. Mine too only shows IPv4.
Same with both Merlin & OE firmware.
Maybe IPv6 traffic is viewed differently? Maybe doesn’t have the same problems?
Dunno, above my pay grade ;-)
 
Probably at least 60% of my traffic is ipv6 but when I look in the tab for AiProtection/Two-Way IPS is shows numerous ipv4 events, but never an ipv6 event?

IPv4 consists of 4,294,967,296 different IPs (with many of these not available on the Internet).

IPv6 consists of 340,282,366,920,938,463,463,374,607,431,768,211,456 different IPs.

How long do you think it would take a hacker to try all 340,282,366,920,938,463,463,374,607,431,768,211,456 IPs while searching for vulnerable devices to attack? :)

That might be a reason why you never see any IPv6-based attack. It also means that IPv6 might reduce the amount of drive-by infections once it's widely deployed (assuming it ever is).
 
The other thing too, is that every time I access a website using ipv4, I am using the same ipv4 address as the source address, since I only have the one assigned by ISP and you can assume some sites are storing the address.

I noticed that some of the ip's in my IPS list are owned by the same company as some blogsites I had visited only the day before.

However, when I access sites using ipv6, my ipv6 address due to privacy extensions, changes. The only thing they would know for sure is what /64 subnet I have, and as you point out trying to scan the whole /64 would be fruitless.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top