NO IPV6 Firewall in stock ausus firmware

[Deleted member 22229]

The subject is the question why wont stock Asus firmware implement a V6 firewall? Is there no security risk involved or is there ? Can someone explain ?? BTW: I have the N66R

 

[RMerlin]

The subject is the question why wont stock Asus firmware implement a V6 firewall? Is there no security risk involved or is there ? Can someone explain ?? BTW: I have the N66R

That question should be sent to Asus, not to the community here. Personally, I did my part to solve that.

 

[PrivateJoker]

Not to diminish the importance or need of such defenses (I have posted in the last week an IPV6 port scanner, etc) but if I was a bad guy, IPV6 doesn't strike me as a very straightforward, easily & widely exploitable attack vector.

We're 2 years past "IPV6 day" and IPV6 is still kind of a work in progress and far, far from being the transport layer the internet and our home networks rely upon. The users of this site are bound to be an unusually ahead of the curve/early adopter/high tech savvy end user - but in the bigger picture I'm probably the only person among my friends & family that has IPV6 native ISP, w/ IPV6 DNS, a cable modem & head end w/ IPV6 enabled, an IPV6 dual stack router, and almost entirely IPV6 dual stack enabled client devices.

So yes it's important, of course, but if you're geeky enough to have a similar setup chances are you didn't fall backwards blindly into it and not know what to do about it.

If I'm a bad guy, I'm spending my time on the old standbys like Java and Adobe exploits instead of attempting proof of concept IPV6 end user attacks. . In no way trying to encourage complacency, just saying that, if anything, the IPV6 adopting demographic is probably more security aware than the average user who turns on AiCloud remote management features blindly and doesn't question the security risks but also thinks switching their router login to HTTPS brings them some sort of added security.

 

[RogerSC]

Not to diminish the importance or need of such defenses (I have posted in the last week an IPV6 port scanner, etc) but if I was a bad guy, IPV6 doesn't strike me as a very straightforward, easily & widely exploitable attack vector.

We're 2 years past "IPV6 day" and IPV6 is still kind of a work in progress and far, far from being the transport layer the internet and our home networks rely upon. The users of this site are bound to be an unusually ahead of the curve/early adopter/high tech savvy end user - but in the bigger picture I'm probably the only person among my friends & family that has IPV6 native ISP, w/ IPV6 DNS, a cable modem & head end w/ IPV6 enabled, an IPV6 dual stack router, and almost entirely IPV6 dual stack enabled client devices.

So yes it's important, of course, but if you're geeky enough to have a similar setup chances are you didn't fall backwards blindly into it and not know what to do about it.

If I'm a bad guy, I'm spending my time on the old standbys like Java and Adobe exploits instead of attempting proof of concept IPV6 end user attacks. . In no way trying to encourage complacency, just saying that, if anything, the IPV6 adopting demographic is probably more security aware than the average user who turns on AiCloud remote management features blindly and doesn't question the security risks but also thinks switching their router login to HTTPS brings them some sort of added security.

I know what you mean, but who wants to deliberately play the percentages? IPv6 is a little different than IPv4 in terms of more exposure on the internet despite being connected to a router. I, for one, don't want to be the first guy on my block whose system was taken over because of not paying attention to the obvious ease of exploits. Besides, part of being geeky (and sleeping at night) is to have complete IPv6 (actually it's a dual stack, as you know) networking set up including a firewall. So it goes.

 

[PrivateJoker]

I know what you mean, but who wants to deliberately play the percentages? IPv6 is a little different than IPv4 in terms of more exposure on the internet despite being connected to a router. I, for one, don't want to be the first guy on my block whose system was taken over because of not paying attention to the obvious ease of exploits. Besides, part of being geeky (and sleeping at night) is to have complete IPv6 (actually it's a dual stack, as you know) networking set up including a firewall. So it goes.

Right on the money @RogerSC, I agree completely. I started to respond in this thread, just brainstorming security in general and it veered off the OP's intent in this particular thread so I started a new one. Nothing novel or exceptionally innovative, just threw out a few of my regular tactics. Curious on thoughts and feedback. Thx!

 

[wouterv]

I do agree as well.
You shall use IPv6 only with a Firewall in the router.
Besides, to my opinion, there is not much need right now to have IPv6 enabled.
I have never ran into anything on the web yet that cannot be reached over IPv4, except the sites or applications that on purpose are IPv6 only.

 

[Deleted member 22229]

That question should be sent to Asus, not to the community here. Personally, I did my part to solve that.

Yes you did Merlin thats why i just went back to your build 3.0.0.4.374.33_0 sdk5. Thanks for your work.