Remember guys, using GIFs of raccoons in a discussion is OK, as long as you keep them below 1 MB.

  • r00ty@kbin.life
    7 hours ago

    IPv6. No. Badly configured IPv6 routers, yes. But that’s something that would fix itself if it became the only protocol in use. And most routers now are pretty good at it from what I’ve seen. But it used to be the case it was easy to find bad routers.

    The myth seems to be that NAT provides security. But a good default configuration for consumer routers would give the same security as NAT while providing the advantages and extra security IPv6 provides.

    IPv6 usually has privacy extensions enabled, which means it will generate throwaway IP addresses that rotate regularly for your outgoing connections; these IPs do not accept incoming connections. So someone cannot nmap you to find open ports based on the IP you connected to their server with.

    Not to mention that most ISPs give each user more IPs than the whole IPv4 internet has. So, port scanning an entire /64 is not going to be fun.

    • Onomatopoeia@lemmy.cafe
      4 hours ago

      Good points, the difference being NAT crossing requires something on the inside to enable it, while IP6 security requires the consumer router to be properly configured.

      And I disagree with the assumption that badly configured routers won’t exist if IP6 were the default. Bad design doesn’t magically go away.

      The bottom line is small LANs don’t benefit from IP6 today. Large LANs don’t benefit because they already have extensive IP4 configuration in place, and attempting to migrate is costly, risky, and without a clear benefit to offset those costs and risks.

      Most likely enterprises may use 6 on new networks, but even that is questionable when so many extant products still rely on 4 - you don’t want to create a problem for those systems.
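
The "good default configuration" both comments above refer to, sketched as an nftables forwarding policy with the weak variant shown in a comment beside it. This is an added example, not part of the thread or of any participant's post; the table name `home_fw` and the interface names `wan0` and `lan0` are assumptions, and only forwarded traffic is covered (the router's own input chain is left out).

```nftables
# Added example. Assumed names: table home_fw, WAN interface wan0, LAN interface lan0.
table inet home_fw {
    chain forward {
        # Weak variant (what a badly configured router amounts to):
        #   type filter hook forward priority 0; policy accept;
        # With that policy every LAN host's global IPv6 address is
        # reachable from the internet on whatever ports it has open.
        type filter hook forward priority 0; policy drop;

        # Replies to connections that LAN hosts opened. This is the same
        # connection tracking NAT depends on, without the address rewriting.
        ct state established,related accept
        ct state invalid drop

        # LAN hosts may open new connections outward.
        iifname "lan0" oifname "wan0" accept

        # ICMPv6 error messages IPv6 needs end to end (for example
        # packet-too-big for path MTU discovery).
        iifname "wan0" icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem } accept

        # Everything else arriving from the WAN is unsolicited: count it,
        # then drop it. The counter gives a quick view of inbound probing.
        iifname "wan0" counter drop
    }
}
```

`nft -c -f <file>` checks the ruleset's syntax without loading it, and `nft list chain inet home_fw forward` shows the drop counter once it is active.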