The main issue is that you can port scan all those IPv4 addresses in minutes. It's impossible for v6, so the issue, even without a firewall, isn't a big issue.
I know you can do address harvesting like it was done with pool.ntp.org by Shodan, but if you don't use any public services your IoT devices are basically protected by the 128-bit address space. So you need an address harvesting possibility, and people are watching for this as seen in the Shodan case, and an exploitable issue at the same time. Not impossible, and you should use a firewall, but orders of magnitude less scary than a publicly routable IPv4 address.
Consumer routers typically have a firewall. Additionally, all those IoT devices are able to obtain these publicly routable IPv6 addresses already in millions of homes, it's just the numbers are lower.
bauruine|2 years ago
autoexecbat|2 years ago
kps|2 years ago