What's new

Dual Stack home network pros and cons

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I guess the point I am trying to make is, even though the IPv6 firewall may be "very light," your internal devices are not accessible from the outside with IPv6 enabled.
not trying to beat around the bush, but that is not necessarily true, especially with internal devices making out bound connections.
 
not trying to beat around the bush, but that is not necessarily true, especially with internal devices making out bound connections.
I am trying to understand. Can you elaborate? I have tested this several times with the IPv6 firewall on and I haven't seen an exposure. Once the IPv6 firewall is turned off, of course, there are issues.
 
Scan for open ports and also attempted to access ports and service that I know to be open.
Neighbor Discovery can easily pose a risk with MITM attacks. With IPV4 there is NAT and stateful firewalling where internal controls allow outbound connections of internal devices while rejecting vice versa from occurring from the same instance.
 
Neighbor Discovery can easily pose a risk with MITM attacks. With IPV4 there is NAT and stateful firewalling where internal controls allow outbound connections of internal devices while rejecting vice versa from occurring from the same instance.
Do you know of any examples where an ASUS customer's private network has been penetrated because the IPv6 firewall on ASUS devices is insufficient? I understand with IPv6 there is no NAT. Thats the nature of IPv6. But, if there is a major concern with the firewall on ASUS routers, especially for customers who only have IPv6, it sounds like you are saying they should not be using ASUS routers.
 
This is why people should be testing and using IPv6 - can fix things that devs don't know is broken...

What about business firewalls? Play guinea pig and let us know?
Paid developers had 10+ years time to test IPv6 and make it work.
 
So, do you know of any examples where an ASUS customer's private network has been penetrated because the IPv6 firewall

Asus routers come with IPv6 disabled by default. Most users don't know what IPv6 is and never enable it.
 
Asus routers come with IPv6 disabled by default. Most users don't know what IPv6 is and never enable it.
Understood. And, I agree. Most of the time people have no need to turn it on and shouldn't. But, if there is a need I don't think its prudent to be saying with IPv6 being on, you are at risk if you have an ASUS router.
 
Do you know of any examples where an ASUS customer's private network has been penetrated because the IPv6 firewall on ASUS devices is insufficient? I understand with IPv6 there is no NAT. Thats the nature of IPv6. But, if there is a major concern with the firewall on ASUS routers, especially for customers who only have IPv6, it sounds like you are saying they should not be using ASUS routers.
Here is a vulnerability, I am sure it has been fixed.
 
But, if there is a need I don't think its prudent to be saying that with IPv6 being on, you are at risk if you have an ASUS router.

This is something I personally don't know. Trying to find out in this discussion. None of the lead SNB developers expressed an opinion yet. Why is IPv6 disabled by default in Asuswrt, for example? It this recommended by Asus setting?
 
Understood. And, I agree. Most of the time people have no need to turn it on and shouldn't. But, if there is a need I don't think its prudent to be saying with IPv6 being on, you are at risk if you have an ASUS router.
The fact that you think you are secure with IPV6 is really just what you perceive to be secure. Your perception of secure will remain until another vulnerability is found and fixed by asus behind the scenes. Just realize because you perceive you are secure does not mean you are secure.
 
Here is a vulnerability, I am sure it has been fixed.

That wasn't the question. I could post these all day long from other router vendors, OSes..etc that have vulnerabilities due to bugs and bad code. I subscribe to these CVE's as well. If you are saying stop using a feature or router because there has been a CVE for the device or feature, I guess we would throw out almost everything. At any rate, the question is, are you aware of any network that has been penetrated because a customer was using an ASUS router with IPv6 enabled? If there are examples, its seems like the answer is simple. Just buy another router.
 
That wasn't the question. I could post these all day long from other router vendors, OSes..etc that have vulnerabilities due to bugs and bad code. I subscribe to these CVE's as well. If you are saying stop using a feature or router because there has been a CVE for the device or feature, I guess we would throw out almost everything. At any rate, the question is, are you aware of any network that has been penetrated because a customer was using an ASUS router with IPv6 enabled? If there are examples, its seems like the answer is simple. Just buy another router.
Personally No. But I am sure it has happen or the possibility exist otherwise why would new vulnerabilities be discovered and fixed.
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top