What's new
By:

Dual Stack home network pros and cons

Frank Monroe said:
I guess the point I am trying to make is, even though the IPv6 firewall may be "very light," your internal devices are not accessible from the outside with IPv6 enabled.
Click to expand...
not trying to beat around the bush, but that is not necessarily true, especially with internal devices making out bound connections.
 
SomeWhereOverTheRainBow said:
not trying to beat around the bush, but that is not necessarily true, especially with internal devices making out bound connections.
Click to expand...
I am trying to understand. Can you elaborate? I have tested this several times with the IPv6 firewall on and I haven't seen an exposure. Once the IPv6 firewall is turned off, of course, there are issues.
 
Frank Monroe said:
Scan for open ports and also attempted to access ports and service that I know to be open.
Click to expand...
Neighbor Discovery can easily pose a risk with MITM attacks. With IPV4 there is NAT and stateful firewalling where internal controls allow outbound connections of internal devices while rejecting vice versa from occurring from the same instance.
 
SomeWhereOverTheRainBow said:
Neighbor Discovery can easily pose a risk with MITM attacks. With IPV4 there is NAT and stateful firewalling where internal controls allow outbound connections of internal devices while rejecting vice versa from occurring from the same instance.
Click to expand...
Do you know of any examples where an ASUS customer's private network has been penetrated because the IPv6 firewall on ASUS devices is insufficient? I understand with IPv6 there is no NAT. Thats the nature of IPv6. But, if there is a major concern with the firewall on ASUS routers, especially for customers who only have IPv6, it sounds like you are saying they should not be using ASUS routers.
 
sfx2000 said:
This is why people should be testing and using IPv6 - can fix things that devs don't know is broken...
Click to expand...

What about business firewalls? Play guinea pig and let us know?
Paid developers had 10+ years time to test IPv6 and make it work.
 
Frank Monroe said:
So, do you know of any examples where an ASUS customer's private network has been penetrated because the IPv6 firewall
Click to expand...

Asus routers come with IPv6 disabled by default. Most users don't know what IPv6 is and never enable it.
 
Tech9 said:
Asus routers come with IPv6 disabled by default. Most users don't know what IPv6 is and never enable it.
Click to expand...
Understood. And, I agree. Most of the time people have no need to turn it on and shouldn't. But, if there is a need I don't think its prudent to be saying with IPv6 being on, you are at risk if you have an ASUS router.
 
Frank Monroe said:
Do you know of any examples where an ASUS customer's private network has been penetrated because the IPv6 firewall on ASUS devices is insufficient? I understand with IPv6 there is no NAT. Thats the nature of IPv6. But, if there is a major concern with the firewall on ASUS routers, especially for customers who only have IPv6, it sounds like you are saying they should not be using ASUS routers.
Click to expand...
Here is a vulnerability, I am sure it has been fixed.

NVD - CVE-2021-3128

nvd.nist.gov nvd.nist.gov
 
Frank Monroe said:
But, if there is a need I don't think its prudent to be saying that with IPv6 being on, you are at risk if you have an ASUS router.
Click to expand...

This is something I personally don't know. Trying to find out in this discussion. None of the lead SNB developers expressed an opinion yet. Why is IPv6 disabled by default in Asuswrt, for example? It this recommended by Asus setting?
 
Frank Monroe said:
Understood. And, I agree. Most of the time people have no need to turn it on and shouldn't. But, if there is a need I don't think its prudent to be saying with IPv6 being on, you are at risk if you have an ASUS router.
Click to expand...
The fact that you think you are secure with IPV6 is really just what you perceive to be secure. Your perception of secure will remain until another vulnerability is found and fixed by asus behind the scenes. Just realize because you perceive you are secure does not mean you are secure.
 
SomeWhereOverTheRainBow said:
Here is a vulnerability, I am sure it has been fixed.
Click to expand...

That wasn't the question. I could post these all day long from other router vendors, OSes..etc that have vulnerabilities due to bugs and bad code. I subscribe to these CVE's as well. If you are saying stop using a feature or router because there has been a CVE for the device or feature, I guess we would throw out almost everything. At any rate, the question is, are you aware of any network that has been penetrated because a customer was using an ASUS router with IPv6 enabled? If there are examples, its seems like the answer is simple. Just buy another router.
 
Frank Monroe said:
That wasn't the question. I could post these all day long from other router vendors, OSes..etc that have vulnerabilities due to bugs and bad code. I subscribe to these CVE's as well. If you are saying stop using a feature or router because there has been a CVE for the device or feature, I guess we would throw out almost everything. At any rate, the question is, are you aware of any network that has been penetrated because a customer was using an ASUS router with IPv6 enabled? If there are examples, its seems like the answer is simple. Just buy another router.
Click to expand...
Personally No. But I am sure it has happen or the possibility exist otherwise why would new vulnerabilities be discovered and fixed.
 
sfx2000 said:
Not all of us are active on the community projects for Asus or Netgear - doesn't mean we're not developers
Click to expand...

I understand. Waiting patiently for more answers.

I'm not okay with your should be ok though. I don't like people should be testing part either. ;)
 
You must log in or register to reply here.

Similar threads

giopas
From public fixed IPv4 to private dynamic IPv4 + public dynamic IPv6 (dual stack)
Replies
16
Views
3K
drinkingbird
drinkingbird
H
Solving: Slow LAN speeds and directing traffic by NIC
Replies
5
Views
2K
degrub
D
K
G to AC66 Dual Band Architecture feedback
Replies
4
Views
3K
azazel1024
azazel1024
H
Home Network Design with PoE and Link Aggregation for NAS
Replies
7
Views
5K
htismaqe
htismaqe
Similar threads
Thread starter Title Forum Replies Date
Johno Experiences with Glovary mini-pc six port router running Proxmox/PfSense/OPNSense/AdGuard Home Routers 0
Z AdGuard Home on pfSense Routers 3

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 2,642 (members: 21, guests: 2,621)
Back
Top